From: Nicolas Thill
Date: Wed, 20 Aug 2008 22:00:41 +0000 (+0000)
Subject: move more extra packages from ./trunk to ./packages
X-Git-Url: http://git.lede-project.org./?a=commitdiff_plain;h=56cd414d74dda7dadf4509c022168c3782549b03;p=openwrt%2Fsvn-archive%2Farchive.git
move more extra packages from ./trunk to ./packages
SVN-Revision: 12359
---
diff --git a/libs/gmp/Makefile b/libs/gmp/Makefile
new file mode 100644
index 0000000000..59a826bdb0
--- /dev/null
+++ b/libs/gmp/Makefile
@@ -0,0 +1,59 @@
+#
+# Copyright (C) 2006-2008 OpenWrt.org
+#
+# This is free software, licensed under the GNU General Public License v2.
+# See /LICENSE for more information.
+#
+# $Id$
+
+include $(TOPDIR)/rules.mk
+
+PKG_NAME:=gmp
+PKG_VERSION:=4.2.2
+PKG_RELEASE:=1
+
+PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2
+PKG_SOURCE_URL:=@GNU/gmp
+PKG_MD5SUM:=7ce52531644e6d12f16911b7e3151f3f
+
+include $(INCLUDE_DIR)/package.mk
+
+define Package/libgmp
+ SECTION:=libs
+ CATEGORY:=Libraries
+ TITLE:=GNU multiprecision arithmetic library
+ URL:=http://gmplib.org/
+endef
+
+define Package/libgmp/description
+ GMP is a free library for arbitrary precision arithmetic, operating on
+ signed integers, rational numbers, and floating point numbers.
+endef
+
+TARGET_CFLAGS += $(FPIC)
+CONFIGURE_VARS += CC="$(TARGET_CROSS)gcc"
+CONFIGURE_ARGS += \
+ --enable-shared \
+ --enable-static \
+
+define Build/Compile
+ $(call Build/Compile/Default, \
+ DESTDIR="$(PKG_INSTALL_DIR)" \
+ CC="$(TARGET_CC)" \
+ all install \
+ )
+endef
+
+define Build/InstallDev
+ mkdir -p $(1)/usr/include
+ $(CP) $(PKG_INSTALL_DIR)/usr/include/gmp* $(1)/usr/include/
+ mkdir -p $(1)/usr/lib
+ $(CP) $(PKG_INSTALL_DIR)/usr/lib/libgmp.{a,so*} $(1)/usr/lib/
+endef
+
+define Package/libgmp/install
+ $(INSTALL_DIR) $(1)/usr/lib
+ $(CP) $(PKG_INSTALL_DIR)/usr/lib/libgmp.so.* $(1)/usr/lib/
+endef
+
+$(eval $(call BuildPackage,libgmp))
diff --git a/libs/keynote/Makefile b/libs/keynote/Makefile
new file mode 100644
index 0000000000..5b27257b4a
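Review bot: `PKG_MD5SUM` is the only integrity check on the downloaded tarball in libs/gmp/Makefile, and MD5 no longer resists collision attacks, so it guards against a corrupted download rather than a substituted one. The same applies to the `PKG_MD5SUM` lines in libs/keynote/Makefile and net/aodv-uu/Makefile, where `PKG_SOURCE_URL` is also plain `http://`, so as far as these Makefiles show nothing else on the fetch path authenticates the source. If the build system accepts a stronger digest, pin a SHA-256 of the tarball instead. Until then a comment such as `# MD5 only detects corruption; verify the upstream signature when bumping PKG_VERSION` next to each checksum would record the gap.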
--- /dev/null
+++ b/libs/keynote/Makefile
@@ -0,0 +1,55 @@
+#
+# Copyright (C) 2006 OpenWrt.org
+#
+# This is free software, licensed under the GNU General Public License v2.
+# See /LICENSE for more information.
+#
+# $Id$
+
+include $(TOPDIR)/rules.mk
+
+PKG_NAME:=keynote
+PKG_VERSION:=2.3
+PKG_RELEASE:=2
+
+PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2
+PKG_SOURCE_URL:=http://downloads.openwrt.org/sources/
+PKG_MD5SUM:=b569066ac2ba1356c2112b118a7d74d0
+
+include $(INCLUDE_DIR)/package.mk
+
+define Package/keynote
+ SECTION:=net
+ CATEGORY:=Network
+ DEPENDS:=@LINUX_2_6 +libopenssl
+ TITLE:=Simple and flexible trust-management system
+ URL:=http://www1.cs.columbia.edu/~angelos/keynote.html
+endef
+
+define Package/keynote/description
+ KeyNote is a simple and flexible trust-management system designed to work
+ well for a variety of large- and small- scale Internet-based applications.
+ It provides a single, unified language for both local policies and
+ credentials.
+endef
+
+CONFIGURE_ARGS += \
+ --enable-static \
+ --enable-shared
+
+MAKE_FLAGS += \
+ CFLAGS="$(TARGET_CFLAGS)"
+
+define Build/InstallDev
+ mkdir -p $(1)/usr/include/keynote
+ $(CP) $(PKG_BUILD_DIR)/{assertion,header,keynote,signature}.h $(1)/usr/include/keynote/
+ mkdir -p $(1)/usr/lib
+ $(CP) $(PKG_BUILD_DIR)/libkeynote.a $(1)/usr/lib/
+endef
+
+define Package/keynote/install
+ $(INSTALL_DIR) $(1)/usr/sbin
+ $(INSTALL_BIN) $(PKG_BUILD_DIR)/keynote $(1)/usr/sbin/
+endef
+
+$(eval $(call BuildPackage,keynote))
diff --git a/libs/keynote/patches/001-build.patch b/libs/keynote/patches/001-build.patch
new file mode 100644
index 0000000000..88db37230b
--- /dev/null
+++ b/libs/keynote/patches/001-build.patch
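Review bot: `MAKE_FLAGS += CFLAGS="$(TARGET_CFLAGS)"` presumably reaches make as a command-line assignment, which takes precedence over the `CFLAGS = -O2 -Wall -fno-strict-aliasing` line that patches/001-build.patch adds to Makefile.in in this same commit. Unless `TARGET_CFLAGS` already carries it, `-fno-strict-aliasing` is dropped from the actual build, and signature.c relies on pointer casts such as `(DSA **) &kk` when decoding keys. Passing `CFLAGS="$(TARGET_CFLAGS) -fno-strict-aliasing"` here would keep the flag explicit instead of depending on the toolchain defaults.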
@@ -0,0 +1,345 @@ +Index: keynote-2.3/configure.in +=================================================================== +--- keynote-2.3.orig/configure.in 2007-06-04 13:22:41.284579072 +0200 ++++ keynote-2.3/configure.in 2007-06-04 13:22:41.389563112 +0200 +@@ -21,19 +21,13 @@ + AC_PATH_PROG(ECHO, echo, /bin/echo) + AC_PATH_PROG(SED, sed, /usr/bin/sed) + +-dnl Checks for libraries. +-LIBS="-L/usr/lib -L/usr/local/lib -L/usr/ssl/lib -L/usr/openssl/lib\ +- -L/usr/local/ssl/lib -L/usr/local/openssl/lib -L/usr/pkg/lib -L/pkg/lib" +- + AC_CHECK_LIB(m, floor, LIBS="$LIBS -lm") + AC_CHECK_LIB(rsaref, RSAPrivateDecrypt, LIBS="$LIBS -lrsaref") + AC_CHECK_LIB(crypto, i2a_ASN1_STRING, LIBS="$LIBS -lcrypto") + AC_CHECK_LIB(RSAglue, RSA_ref_private_encrypt, LIBS="$LIBS -lRSAglue") + + dnl Checks for header files. +-CPPFLAGS="-I/usr/include -I/usr/local/include -I/usr/ssl/include\ +- -I/usr/local/ssl/include -I/usr/openssl/include -I/usr/pkg/include\ +- -I/usr/local/openssl/include -I/pkg/include" ++CPPFLAGS="-I/usr/include/openssl" + + AC_HEADER_STDC + AC_HEADER_TIME +Index: keynote-2.3/keynote-keygen.c +=================================================================== +--- keynote-2.3.orig/keynote-keygen.c 2007-06-04 13:22:41.290578160 +0200 ++++ keynote-2.3/keynote-keygen.c 2007-06-04 13:22:41.389563112 +0200 +@@ -161,7 +161,7 @@ + if (strlen(algname) + 2 > prlen) + { + fprintf(stderr, "Parameter ``print-length'' should be larger " +- "than the length of AlgorithmName (%d)\n", strlen(algname)); ++ "than the length of AlgorithmName (%lu)\n", strlen(algname)); + exit(-1); + } + +Index: keynote-2.3/keynote.l +=================================================================== +--- keynote-2.3.orig/keynote.l 2007-06-04 13:22:41.295577400 +0200 ++++ keynote-2.3/keynote.l 2007-06-04 13:22:41.390562960 +0200 +@@ -61,7 +61,8 @@ + static struct lex_list *keynote_lex_list = (struct lex_list *) NULL; + static int keynote_max_lex_list = 32; + static int keynote_lex_counter = 0; 
+-static int first_tok = 0; ++extern int first_tok; ++int first_tok = 0; + %} + digit [0-9] + specnumber [1-9][0-9]* +@@ -766,7 +767,7 @@ + if (0) + { + yyunput(0, NULL); +- yy_flex_realloc(0, NULL); ++ yy_flex_realloc(NULL, 0); + } + + return en; +Index: keynote-2.3/keynote-ver.l +=================================================================== +--- keynote-2.3.orig/keynote-ver.l 2007-06-04 13:22:41.301576488 +0200 ++++ keynote-2.3/keynote-ver.l 2007-06-04 13:22:41.390562960 +0200 +@@ -267,7 +267,7 @@ + if (0) + { + yyunput(0, NULL); +- yy_flex_realloc(0, NULL); ++ yy_flex_realloc(NULL, 0); + } + } + +Index: keynote-2.3/keynote-ver.y +=================================================================== +--- keynote-2.3.orig/keynote-ver.y 2007-06-04 13:22:41.306575728 +0200 ++++ keynote-2.3/keynote-ver.y 2007-06-04 13:22:41.390562960 +0200 +@@ -49,7 +49,7 @@ + return keynote_errno; + free($1); + } +- ++ ; + expr: VSTRING EQ STRING { int i = kn_add_action(sessid, $1, $3, 0); + + if (i != 0) +@@ -64,6 +64,7 @@ + free($1); + free($3); + } expr ++ ; + %% + void + kverror(char *s) +Index: keynote-2.3/keynote.y +=================================================================== +--- keynote-2.3.orig/keynote.y 2007-06-04 13:22:41.311574968 +0200 ++++ keynote-2.3/keynote.y 2007-06-04 13:22:41.391562808 +0200 +@@ -73,8 +73,7 @@ + %} + %% + +-grammarswitch: LOCINI { keynote_exceptionflag = keynote_donteval = 0; } +- localinit ++grammarswitch: LOCINI { keynote_exceptionflag = keynote_donteval = 0; } localinit + | ACTSTR { keynote_exceptionflag = keynote_donteval = 0; } program + | KEYPRE { keynote_exceptionflag = keynote_donteval = 0; } + keypredicate +@@ -91,17 +90,17 @@ + STRING { keynote_lex_remove($3); + keynote_privkey = $3; + } +- ++ ; + keypredicate: /* Nothing */ { keynote_returnvalue = 0; + return 0; + } + | notemptykeypredicate { keynote_returnvalue = $1; + return 0; + } +- ++ ; + notemptykeypredicate: key { $$ = $1; } + | keyexp { $$ = $1; } +- ++ ; + keyexp: 
notemptykeypredicate AND { if (($1 == 0) && !keynote_justrecord) + keynote_donteval = 1; + } notemptykeypredicate +@@ -138,7 +137,7 @@ + else + $$ = 0; + } /* K-th */ +- ++ ; + keylist: key + { /* Don't do anything if we're just recording */ + if (!keynote_justrecord && !keynote_donteval) +@@ -155,7 +154,7 @@ + + keylistcount++; + } +- ++ ; + key: str { + if (keynote_donteval) + $$ = 0; +@@ -193,10 +192,10 @@ + } + } + } +- ++ ; + localinit: /* Nothing */ + | localconstants +- ++ ; + localconstants: VARIABLE EQQ STRING + { + int i; +@@ -265,12 +264,12 @@ + if (i != RESULT_TRUE) + return -1; + } localconstants +- ++ ; + program: prog { + keynote_returnvalue = $1; + return 0; + } +- ++ ; + prog: /* Nada */ { $$ = 0; } + | notemptyprog { + /* +@@ -285,7 +284,7 @@ + else + $$ = $4; + } +- ++ ; + notemptyprog: expr HINT afterhint + { + if (checkexception($1)) +@@ -300,7 +299,7 @@ + else + $$ = 0; + } +- ++ ; + afterhint: str { if (keynote_exceptionflag || keynote_donteval) + $$ = 0; + else +@@ -315,7 +314,7 @@ + } + } + | OPENBLOCK prog CLOSEBLOCK { $$ = $2; } +- ++ ; + + expr: OPENPAREN expr CLOSEPAREN { $$ = $2; } + | expr AND { if ($1 == 0) +@@ -334,19 +333,19 @@ + | stringexp { $$ = $1; } + | TRUE { $$ = 1; } + | FALSE { $$ = 0; } +- ++ ; + numexp: numex LT numex { $$ = $1 < $3; } + | numex GT numex { $$ = $1 > $3; } + | numex EQ numex { $$ = $1 == $3; } + | numex LE numex { $$ = $1 <= $3; } + | numex GE numex { $$ = $1 >= $3; } + | numex NE numex { $$ = $1 != $3; } +- ++ ; + floatexp: floatex LT floatex { $$ = $1 < $3; } + | floatex GT floatex { $$ = $1 > $3; } + | floatex LE floatex { $$ = $1 <= $3; } + | floatex GE floatex { $$ = $1 >= $3; } +- ++ ; + numex: numex PLUS numex { $$ = $1 + $3; } + | numex MINUS numex { $$ = $1 - $3; } + | numex MULT numex { $$ = $1 * $3; } +@@ -384,7 +383,7 @@ + free($2); + } + } +- ++ ; + floatex: floatex PLUS floatex { $$ = ($1 + $3); } + | floatex MINUS floatex { $$ = ($1 - $3); } + | floatex MULT floatex { $$ = ($1 * $3); } +@@ 
-418,7 +417,7 @@ + free($2); + } + } +- ++ ; + stringexp: str EQ str { + if (keynote_exceptionflag || keynote_donteval) + $$ = 0; +@@ -529,9 +528,9 @@ + if (i == 0) + { + #if !defined(HAVE_SNPRINTF) +- sprintf(grp, "%d", preg.re_nsub); ++ sprintf(grp, "%d", (int)preg.re_nsub); + #else /* !HAVE_SNPRINTF */ +- snprintf(grp, 3, "%d", preg.re_nsub); ++ snprintf(grp, 3, "%d", (int)preg.re_nsub); + #endif /* !HAVE_SNPRINTF */ + if (keynote_env_add("_0", grp, &keynote_temp_list, + 1, 0) != RESULT_TRUE) +@@ -579,7 +578,7 @@ + } + } + } +- ++ ; + str: str DOTT str { if (keynote_exceptionflag || keynote_donteval) + $$ = (char *) NULL; + else +@@ -605,7 +604,7 @@ + } + } + | strnotconcat { $$ = $1; } +- ++ ; + strnotconcat: STRING { $$ = $1; } + | OPENPAREN str CLOSEPAREN { $$ = $2; } + | VARIABLE { if (keynote_exceptionflag || keynote_donteval) +@@ -660,6 +659,7 @@ + return -1; + } + } ++ ; + %% + + /* +Index: keynote-2.3/Makefile.in +=================================================================== +--- keynote-2.3.orig/Makefile.in 2007-06-04 13:22:41.317574056 +0200 ++++ keynote-2.3/Makefile.in 2007-06-04 13:22:41.391562808 +0200 +@@ -41,7 +41,8 @@ + YACCFLAGS = -d -p kn -b k + LEXFLAGS2 = -Pkv -s -i + LEXFLAGS = -Cr -Pkn -s -i +-CFLAGS = -O2 -Wall # -g ++CFLAGS = -O2 -Wall -fno-strict-aliasing # -g ++LDFLAGS = @LDFLAGS@ + RMFLAGS2 = -rf + RMFLAGS = -f + NROFFFLAGS = -mandoc +@@ -83,7 +84,7 @@ + $(RANLIB) $(TARGET) + + $(TARGET2): $(TARGET) $(OBJS2) +- $(CC) $(CFLAGS) -o $(TARGET2) $(OBJS2) $(LIBS) ++ $(CC) $(CFLAGS) -o $(TARGET2) $(OBJS2) $(LDFLAGS) $(LIBS) + + k.tab.c: keynote.y header.h keynote.h assertion.h config.h + $(YACC) $(YACCFLAGS) keynote.y +Index: keynote-2.3/signature.c +=================================================================== +--- keynote-2.3.orig/signature.c 2007-06-04 13:22:41.323573144 +0200 ++++ keynote-2.3/signature.c 2007-06-04 13:22:41.392562656 +0200 +@@ -515,7 +515,7 @@ + kk = dc->dec_key; + if (keytype == KEYNOTE_PRIVATE_KEY) + { +- if 
(d2i_DSAPrivateKey((DSA **) &kk, &decoded, len) == (DSA *) NULL) ++ if (d2i_DSAPrivateKey((DSA **) &kk, (const unsigned char **) &decoded, len) == (DSA *) NULL) + { + if (ptr != (unsigned char *) NULL) + free(ptr); +@@ -526,7 +526,7 @@ + } + else + { +- if (d2i_DSAPublicKey((DSA **) &kk, &decoded, len) == (DSA *) NULL) ++ if (d2i_DSAPublicKey((DSA **) &kk, (const unsigned char **) &decoded, len) == (DSA *) NULL) + { + if (ptr != (unsigned char *) NULL) + free(ptr); +@@ -556,7 +556,7 @@ + kk = dc->dec_key; + if (keytype == KEYNOTE_PRIVATE_KEY) + { +- if (d2i_RSAPrivateKey((RSA **) &kk, &decoded, len) == (RSA *) NULL) ++ if (d2i_RSAPrivateKey((RSA **) &kk, (const unsigned char **) &decoded, len) == (RSA *) NULL) + { + if (ptr != (unsigned char *) NULL) + free(ptr); +@@ -567,7 +567,7 @@ + } + else + { +- if (d2i_RSAPublicKey((RSA **) &kk, &decoded, len) == (RSA *) NULL) ++ if (d2i_RSAPublicKey((RSA **) &kk, (const unsigned char **) &decoded, len) == (RSA *) NULL) + { + if (ptr != (unsigned char *) NULL) + free(ptr); diff --git a/libs/keynote/patches/002-cross_compile.patch b/libs/keynote/patches/002-cross_compile.patch new file mode 100644 index 0000000000..050efbd75b --- /dev/null +++ b/libs/keynote/patches/002-cross_compile.patch 
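Review bot: In the keynote.y hunk the `#if !defined(HAVE_SNPRINTF)` branch still formats with an unbounded `sprintf(grp, "%d", (int)preg.re_nsub);`, while the other branch limits the write to 3 bytes, which suggests `grp` is a very small buffer (its declaration is outside the hunk). A regular expression with 100 or more subexpressions would then write past `grp` on builds without snprintf, and be silently truncated on builds with it. Rejecting or clamping `preg.re_nsub` above 99 before either call would close both cases. Separately, the keynote-keygen.c hunk passes a `size_t` to `%lu`; `(unsigned long) strlen(algname)` would match the format on targets where `size_t` is not `unsigned long`.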
@@ -0,0 +1,588 @@ +Index: keynote-2.3/configure +=================================================================== +--- keynote-2.3.orig/configure 2007-06-04 13:22:41.259582872 +0200 ++++ keynote-2.3/configure 2007-06-04 13:22:41.658522224 +0200 +@@ -889,52 +889,10 @@ + done + test -n "$YACC" || YACC="yacc" + +-for ac_prog in openssl ssleay +-do +-# Extract the first word of "$ac_prog", so it can be a program name with args. +-set dummy $ac_prog; ac_word=$2 +-echo $ac_n "checking for $ac_word""... $ac_c" 1>&6 +-echo "configure:898: checking for $ac_word" >&5 +-if eval "test \"`echo '$''{'ac_cv_path_SSLEAY'+set}'`\" = set"; then +- echo $ac_n "(cached) $ac_c" 1>&6 +-else +- case "$SSLEAY" in +- /*) +- ac_cv_path_SSLEAY="$SSLEAY" # Let the user override the test with a path. +- ;; +- ?:/*) +- ac_cv_path_SSLEAY="$SSLEAY" # Let the user override the test with a dos path. +- ;; +- *) +- IFS="${IFS= }"; ac_save_ifs="$IFS"; IFS=":" +- ac_dummy="\ +- $PATH:/usr/local/bin:/usr/local/ssl/sbin:/usr/local/ssl/bin:/usr/ssl/bin:/usr/ssl/sbin:/usr/sbin:/usr/openssl/bin:/usr/openssl/bin:/usr/local/openssl/bin:/usr/local/openssl/sbin" +- for ac_dir in $ac_dummy; do +- test -z "$ac_dir" && ac_dir=. +- if test -f $ac_dir/$ac_word; then +- ac_cv_path_SSLEAY="$ac_dir/$ac_word" +- break +- fi +- done +- IFS="$ac_save_ifs" +- ;; +-esac +-fi +-SSLEAY="$ac_cv_path_SSLEAY" +-if test -n "$SSLEAY"; then +- echo "$ac_t""$SSLEAY" 1>&6 +-else +- echo "$ac_t""no" 1>&6 +-fi +- +-test -n "$SSLEAY" && break +-done +-test -n "$SSLEAY" || SSLEAY="/usr/local/bin/ssleay" +- + # Extract the first word of "rm", so it can be a program name with args. + set dummy rm; ac_word=$2 + echo $ac_n "checking for $ac_word""... 
$ac_c" 1>&6 +-echo "configure:938: checking for $ac_word" >&5 ++echo "configure:896: checking for $ac_word" >&5 + if eval "test \"`echo '$''{'ac_cv_path_RM'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 + else +@@ -970,7 +928,7 @@ + # Extract the first word of "ar", so it can be a program name with args. + set dummy ar; ac_word=$2 + echo $ac_n "checking for $ac_word""... $ac_c" 1>&6 +-echo "configure:974: checking for $ac_word" >&5 ++echo "configure:932: checking for $ac_word" >&5 + if eval "test \"`echo '$''{'ac_cv_path_AR'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 + else +@@ -1006,7 +964,7 @@ + # Extract the first word of "nroff", so it can be a program name with args. + set dummy nroff; ac_word=$2 + echo $ac_n "checking for $ac_word""... $ac_c" 1>&6 +-echo "configure:1010: checking for $ac_word" >&5 ++echo "configure:968: checking for $ac_word" >&5 + if eval "test \"`echo '$''{'ac_cv_path_NROFF'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 + else +@@ -1042,7 +1000,7 @@ + # Extract the first word of "tar", so it can be a program name with args. + set dummy tar; ac_word=$2 + echo $ac_n "checking for $ac_word""... $ac_c" 1>&6 +-echo "configure:1046: checking for $ac_word" >&5 ++echo "configure:1004: checking for $ac_word" >&5 + if eval "test \"`echo '$''{'ac_cv_path_TAR'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 + else +@@ -1078,7 +1036,7 @@ + # Extract the first word of "true", so it can be a program name with args. + set dummy true; ac_word=$2 + echo $ac_n "checking for $ac_word""... $ac_c" 1>&6 +-echo "configure:1082: checking for $ac_word" >&5 ++echo "configure:1040: checking for $ac_word" >&5 + if eval "test \"`echo '$''{'ac_cv_path_TRUE'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 + else +@@ -1114,7 +1072,7 @@ + # Extract the first word of "mkdir", so it can be a program name with args. + set dummy mkdir; ac_word=$2 + echo $ac_n "checking for $ac_word""... 
$ac_c" 1>&6 +-echo "configure:1118: checking for $ac_word" >&5 ++echo "configure:1076: checking for $ac_word" >&5 + if eval "test \"`echo '$''{'ac_cv_path_MKDIR'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 + else +@@ -1150,7 +1108,7 @@ + # Extract the first word of "tr", so it can be a program name with args. + set dummy tr; ac_word=$2 + echo $ac_n "checking for $ac_word""... $ac_c" 1>&6 +-echo "configure:1154: checking for $ac_word" >&5 ++echo "configure:1112: checking for $ac_word" >&5 + if eval "test \"`echo '$''{'ac_cv_path_TR'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 + else +@@ -1186,7 +1144,7 @@ + # Extract the first word of "echo", so it can be a program name with args. + set dummy echo; ac_word=$2 + echo $ac_n "checking for $ac_word""... $ac_c" 1>&6 +-echo "configure:1190: checking for $ac_word" >&5 ++echo "configure:1148: checking for $ac_word" >&5 + if eval "test \"`echo '$''{'ac_cv_path_ECHO'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 + else +@@ -1222,7 +1180,7 @@ + # Extract the first word of "sed", so it can be a program name with args. + set dummy sed; ac_word=$2 + echo $ac_n "checking for $ac_word""... $ac_c" 1>&6 +-echo "configure:1226: checking for $ac_word" >&5 ++echo "configure:1184: checking for $ac_word" >&5 + if eval "test \"`echo '$''{'ac_cv_path_SED'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 + else +@@ -1256,11 +1214,8 @@ + fi + + +-LIBS="-L/usr/lib -L/usr/local/lib -L/usr/ssl/lib -L/usr/openssl/lib\ +- -L/usr/local/ssl/lib -L/usr/local/openssl/lib -L/usr/pkg/lib -L/pkg/lib" +- + echo $ac_n "checking for floor in -lm""... 
$ac_c" 1>&6 +-echo "configure:1264: checking for floor in -lm" >&5 ++echo "configure:1219: checking for floor in -lm" >&5 + ac_lib_var=`echo m'_'floor | sed 'y%./+-%__p_%'` + if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +@@ -1268,7 +1223,7 @@ + ac_save_LIBS="$LIBS" + LIBS="-lm $LIBS" + cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then ++if { (eval echo configure:1238: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then + rm -rf conftest* + eval "ac_cv_lib_$ac_lib_var=yes" + else +@@ -1300,7 +1255,7 @@ + fi + + echo $ac_n "checking for RSAPrivateDecrypt in -lrsaref""... $ac_c" 1>&6 +-echo "configure:1304: checking for RSAPrivateDecrypt in -lrsaref" >&5 ++echo "configure:1259: checking for RSAPrivateDecrypt in -lrsaref" >&5 + ac_lib_var=`echo rsaref'_'RSAPrivateDecrypt | sed 'y%./+-%__p_%'` + if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +@@ -1308,7 +1263,7 @@ + ac_save_LIBS="$LIBS" + LIBS="-lrsaref $LIBS" + cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then ++if { (eval echo configure:1278: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then + rm -rf conftest* + eval "ac_cv_lib_$ac_lib_var=yes" + else +@@ -1340,7 +1295,7 @@ + fi + + echo $ac_n "checking for i2a_ASN1_STRING in -lcrypto""... 
$ac_c" 1>&6 +-echo "configure:1344: checking for i2a_ASN1_STRING in -lcrypto" >&5 ++echo "configure:1299: checking for i2a_ASN1_STRING in -lcrypto" >&5 + ac_lib_var=`echo crypto'_'i2a_ASN1_STRING | sed 'y%./+-%__p_%'` + if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +@@ -1348,7 +1303,7 @@ + ac_save_LIBS="$LIBS" + LIBS="-lcrypto $LIBS" + cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then ++if { (eval echo configure:1318: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then + rm -rf conftest* + eval "ac_cv_lib_$ac_lib_var=yes" + else +@@ -1380,7 +1335,7 @@ + fi + + echo $ac_n "checking for RSA_ref_private_encrypt in -lRSAglue""... $ac_c" 1>&6 +-echo "configure:1384: checking for RSA_ref_private_encrypt in -lRSAglue" >&5 ++echo "configure:1339: checking for RSA_ref_private_encrypt in -lRSAglue" >&5 + ac_lib_var=`echo RSAglue'_'RSA_ref_private_encrypt | sed 'y%./+-%__p_%'` + if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +@@ -1388,7 +1343,7 @@ + ac_save_LIBS="$LIBS" + LIBS="-lRSAglue $LIBS" + cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then ++if { (eval echo configure:1358: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then + rm -rf conftest* + eval "ac_cv_lib_$ac_lib_var=yes" + else +@@ -1420,12 +1375,9 @@ + fi + + +-CPPFLAGS="-I/usr/include -I/usr/local/include -I/usr/ssl/include\ +- -I/usr/local/ssl/include -I/usr/openssl/include -I/usr/pkg/include\ +- -I/usr/local/openssl/include -I/pkg/include" + + echo $ac_n "checking how to run the C preprocessor""... $ac_c" 1>&6 +-echo "configure:1429: checking how to run the C preprocessor" >&5 ++echo "configure:1381: checking how to run the C preprocessor" >&5 + # On Suns, sometimes $CPP names a directory. 
+ if test -n "$CPP" && test -d "$CPP"; then + CPP= +@@ -1440,13 +1392,13 @@ + # On the NeXT, cc -E runs the code through the compiler's parser, + # not just through cpp. + cat > conftest.$ac_ext < + Syntax Error + EOF + ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out" +-{ (eval echo configure:1450: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } ++{ (eval echo configure:1402: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } + ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"` + if test -z "$ac_err"; then + : +@@ -1457,13 +1409,13 @@ + rm -rf conftest* + CPP="${CC-cc} -E -traditional-cpp" + cat > conftest.$ac_ext < + Syntax Error + EOF + ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out" +-{ (eval echo configure:1467: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } ++{ (eval echo configure:1419: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } + ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"` + if test -z "$ac_err"; then + : +@@ -1474,13 +1426,13 @@ + rm -rf conftest* + CPP="${CC-cc} -nologo -E" + cat > conftest.$ac_ext < + Syntax Error + EOF + ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out" +-{ (eval echo configure:1484: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } ++{ (eval echo configure:1436: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } + ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"` + if test -z "$ac_err"; then + : +@@ -1505,12 +1457,12 @@ + echo "$ac_t""$CPP" 1>&6 + + echo $ac_n "checking for ANSI C header files""... 
$ac_c" 1>&6 +-echo "configure:1509: checking for ANSI C header files" >&5 ++echo "configure:1461: checking for ANSI C header files" >&5 + if eval "test \"`echo '$''{'ac_cv_header_stdc'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 + else + cat > conftest.$ac_ext < + #include +@@ -1518,7 +1470,7 @@ + #include + EOF + ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out" +-{ (eval echo configure:1522: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } ++{ (eval echo configure:1474: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } + ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"` + if test -z "$ac_err"; then + rm -rf conftest* +@@ -1535,7 +1487,7 @@ + if test $ac_cv_header_stdc = yes; then + # SunOS 4.x string.h does not declare mem*, contrary to ANSI. + cat > conftest.$ac_ext < + EOF +@@ -1553,7 +1505,7 @@ + if test $ac_cv_header_stdc = yes; then + # ISC 2.0.2 stdlib.h does not declare free, contrary to ANSI. + cat > conftest.$ac_ext < + EOF +@@ -1574,7 +1526,7 @@ + : + else + cat > conftest.$ac_ext < + #define ISLOWER(c) ('a' <= (c) && (c) <= 'z') +@@ -1585,7 +1537,7 @@ + exit (0); } + + EOF +-if { (eval echo configure:1589: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null ++if { (eval echo configure:1541: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null + then + : + else +@@ -1609,12 +1561,12 @@ + fi + + echo $ac_n "checking whether time.h and sys/time.h may both be included""... 
$ac_c" 1>&6 +-echo "configure:1613: checking whether time.h and sys/time.h may both be included" >&5 ++echo "configure:1565: checking whether time.h and sys/time.h may both be included" >&5 + if eval "test \"`echo '$''{'ac_cv_header_time'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 + else + cat > conftest.$ac_ext < + #include +@@ -1623,7 +1575,7 @@ + struct tm *tp; + ; return 0; } + EOF +-if { (eval echo configure:1627: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then ++if { (eval echo configure:1579: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then + rm -rf conftest* + ac_cv_header_time=yes + else +@@ -1647,17 +1599,17 @@ + do + ac_safe=`echo "$ac_hdr" | sed 'y%./+-%__p_%'` + echo $ac_n "checking for $ac_hdr""... $ac_c" 1>&6 +-echo "configure:1651: checking for $ac_hdr" >&5 ++echo "configure:1603: checking for $ac_hdr" >&5 + if eval "test \"`echo '$''{'ac_cv_header_$ac_safe'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 + else + cat > conftest.$ac_ext < + EOF + ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out" +-{ (eval echo configure:1661: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } ++{ (eval echo configure:1613: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } + ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"` + if test -z "$ac_err"; then + rm -rf conftest* +@@ -1687,17 +1639,17 @@ + do + ac_safe=`echo "$ac_hdr" | sed 'y%./+-%__p_%'` + echo $ac_n "checking for $ac_hdr""... 
$ac_c" 1>&6 +-echo "configure:1691: checking for $ac_hdr" >&5 ++echo "configure:1643: checking for $ac_hdr" >&5 + if eval "test \"`echo '$''{'ac_cv_header_$ac_safe'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 + else + cat > conftest.$ac_ext < + EOF + ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out" +-{ (eval echo configure:1701: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } ++{ (eval echo configure:1653: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } + ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"` + if test -z "$ac_err"; then + rm -rf conftest* +@@ -1726,12 +1678,12 @@ + + + echo $ac_n "checking for working const""... $ac_c" 1>&6 +-echo "configure:1730: checking for working const" >&5 ++echo "configure:1682: checking for working const" >&5 + if eval "test \"`echo '$''{'ac_cv_c_const'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 + else + cat > conftest.$ac_ext <&5; (eval $ac_compile) 2>&5; }; then ++if { (eval echo configure:1736: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then + rm -rf conftest* + ac_cv_c_const=yes + else +@@ -1801,12 +1753,12 @@ + fi + + echo $ac_n "checking for u_int""... $ac_c" 1>&6 +-echo "configure:1805: checking for u_int" >&5 ++echo "configure:1757: checking for u_int" >&5 + if eval "test \"`echo '$''{'ac_cv_type_u_int'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 + else + cat > conftest.$ac_ext < + #if STDC_HEADERS +@@ -1834,12 +1786,12 @@ + fi + + echo $ac_n "checking for u_char""... $ac_c" 1>&6 +-echo "configure:1838: checking for u_char" >&5 ++echo "configure:1790: checking for u_char" >&5 + if eval "test \"`echo '$''{'ac_cv_type_u_char'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 + else + cat > conftest.$ac_ext < + #if STDC_HEADERS +@@ -1870,12 +1822,12 @@ + for ac_func in regcomp open close read _open _close _read strchr memcpy + do + echo $ac_n "checking for $ac_func""... 
$ac_c" 1>&6 +-echo "configure:1874: checking for $ac_func" >&5 ++echo "configure:1826: checking for $ac_func" >&5 + if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 + else + cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then ++if { (eval echo configure:1854: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then + rm -rf conftest* + eval "ac_cv_func_$ac_func=yes" + else +@@ -1925,12 +1877,12 @@ + for ac_func in strcasecmp strncasecmp stricmp strnicmp snprintf __b64_ntop + do + echo $ac_n "checking for $ac_func""... $ac_c" 1>&6 +-echo "configure:1929: checking for $ac_func" >&5 ++echo "configure:1881: checking for $ac_func" >&5 + if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 + else + cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then ++if { (eval echo configure:1909: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then + rm -rf conftest* + eval "ac_cv_func_$ac_func=yes" + else +@@ -1980,12 +1932,12 @@ + for ac_func in getopt + do + echo $ac_n "checking for $ac_func""... 
$ac_c" 1>&6 +-echo "configure:1984: checking for $ac_func" >&5 ++echo "configure:1936: checking for $ac_func" >&5 + if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 + else + cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then ++if { (eval echo configure:1964: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then + rm -rf conftest* + eval "ac_cv_func_$ac_func=yes" + else +@@ -2172,7 +2124,6 @@ + s%@CC@%$CC%g + s%@RANLIB@%$RANLIB%g + s%@YACC@%$YACC%g +-s%@SSLEAY@%$SSLEAY%g + s%@RM@%$RM%g + s%@AR@%$AR%g + s%@NROFF@%$NROFF%g +Index: keynote-2.3/configure.in +=================================================================== +--- keynote-2.3.orig/configure.in 2007-06-04 13:22:41.389563112 +0200 ++++ keynote-2.3/configure.in 2007-06-04 13:22:41.658522224 +0200 +@@ -9,8 +9,8 @@ + AC_PROG_CC + AC_PROG_RANLIB + AC_PROG_YACC +-AC_PATH_PROGS(SSLEAY, openssl ssleay, /usr/local/bin/ssleay, \ +- $PATH:/usr/local/bin:/usr/local/ssl/sbin:/usr/local/ssl/bin:/usr/ssl/bin:/usr/ssl/sbin:/usr/sbin:/usr/openssl/bin:/usr/openssl/bin:/usr/local/openssl/bin:/usr/local/openssl/sbin) ++dnl AC_PATH_PROGS(SSLEAY, openssl ssleay, /usr/local/bin/ssleay, \ ++dnl $PATH:/usr/local/bin:/usr/local/ssl/sbin:/usr/local/ssl/bin:/usr/ssl/bin:/usr/ssl/sbin:/usr/sbin:/usr/openssl/bin:/usr/openssl/bin:/usr/local/openssl/bin:/usr/local/openssl/sbin) + AC_PATH_PROG(RM, rm, /bin/rm) + AC_PATH_PROG(AR, ar, /usr/bin/ar) + AC_PATH_PROG(NROFF, nroff, /usr/bin/nroff) +@@ -27,7 +27,7 @@ + AC_CHECK_LIB(RSAglue, RSA_ref_private_encrypt, LIBS="$LIBS -lRSAglue") + + dnl Checks for header files. +-CPPFLAGS="-I/usr/include/openssl" ++dnl CPPFLAGS="-I/usr/include/openssl" + + AC_HEADER_STDC + AC_HEADER_TIME diff --git a/net/aodv-uu/Makefile b/net/aodv-uu/Makefile new file mode 100644 index 0000000000..9f55194e1f --- /dev/null +++ b/net/aodv-uu/Makefile 
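Review bot: This patch removes the `s%@SSLEAY@%$SSLEAY%g` substitution and comments out `AC_PATH_PROGS(SSLEAY, ...)`, so any template that still contains `@SSLEAY@` would keep the literal token after configure runs; the templates are not shown in this patch, so this needs checking against Makefile.in. Most of the 588 lines are `configure:NNNN` line-number churn in the generated script, which makes the two real changes (dropping the SSLEAY probe and the hard-coded `-L`/`-I` host paths) hard to audit. Keeping only the configure.in edit and regenerating configure during the build would reduce the patch to the lines a reviewer has to read.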
@@ -0,0 +1,105 @@ +# +# Copyright (C) 2006-2008 OpenWrt.org +# +# This is free software, licensed under the GNU General Public License v2. +# See /LICENSE for more information. +# +# $Id$ + +include $(TOPDIR)/rules.mk +include $(INCLUDE_DIR)/kernel.mk + +PKG_NAME:=aodv-uu +PKG_VERSION:=0.9.3 +PKG_RELEASE:=1 + +PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz +PKG_SOURCE_URL:=http://core.it.uu.se/core/files/ +PKG_MD5SUM:=05460543054449cb4b170252a7168c65 + +include $(INCLUDE_DIR)/package.mk + +define Package/aodv-uu/Default + TITLE:=Ad-hoc On-demand Distance Vector Routing + DEPENDS:=@BROKEN + URL:=http://core.it.uu.se/core/index.php/AODV-UU +endef + +define Package/aodv-uu/Default/description + AODV is the Ad-hoc On-demand Distance Vector routing protocol + implementation created at Uppsala University. +endef + +define Package/aodv-uu +$(call Package/aodv-uu/Default) + SECTION:=net + CATEGORY:=Network + TITLE+= (daemon) +endef + +define Package/aodv-uu/description +$(call Package/aodv-uu/Default/description) + This package contains the AODV userland daemon. +endef + +define KernelPackage/aodv-uu +$(call Package/aodv-uu/Default) + TITLE+= (kernel module) + FILES:=$(PKG_BUILD_DIR)/lnx/kaodv.$(LINUX_KMOD_SUFFIX) + SUBMENU:=Network Support + AUTOLOAD:=$(call AutoLoad,80,$(shell cat ./files/aodv-uu.modules)) +endef + +define KernelPackage/aodv-uu/description +$(call Package/aodv-uu/Default/description) + This package contains the AODV kernel module. 
+endef + +ifeq ($(CONFIG_LINUX_2_6),y) + define Build/Compile/linux26 + $(MAKE) -C $(LINUX_DIR) \ + ARCH="$(LINUX_KARCH)" \ + CROSS_COMPILE="$(TARGET_CROSS)" \ + PATCHLEVEL="$(LINUX_VERSION)" \ + KERNDIR="$(LINUX_DIR)" \ + SUBDIRS="$(PKG_BUILD_DIR)/lnx" \ + modules + endef +else + # We assume 2.4 builds are only for brcm-2.4 yet + define Build/Compile/linux24-brcm + $(call Build/Compile/Default,\ + KERNEL_DIR="$(LINUX_DIR)" \ + KCC="$(TARGET_CC)" \ + CFLAGS="$(TARGET_CFLAGS)" \ + kaodv-mips \ + ) + cp $(PKG_BUILD_DIR)/lnx/kaodv-mips.$(LINUX_KMOD_SUFFIX) $(PKG_BUILD_DIR)/lnx/kaodv.$(LINUX_KMOD_SUFFIX) + endef +endif + +define Build/Compile + $(call Build/Compile/linux26) + $(call Build/Compile/linux24-brcm) + $(call Build/Compile/Default,\ + KERNEL_DIR="$(LINUX_DIR)" \ + KCC="$(TARGET_CC)" \ + CFLAGS="$(TARGET_CFLAGS)" \ + aodvd \ + ) +endef + +define Package/aodv-uu/install + $(INSTALL_DIR) $(1)/usr/sbin + $(INSTALL_BIN) $(PKG_BUILD_DIR)/aodvd $(1)/usr/sbin +endef + +define Package/kmod-aodv-uu/install + $(INSTALL_DIR) $(1)/etc/modules.d + $(INSTALL_DATA) ./files/aodv-uu.modules $(1)/etc/modules.d/80-aodv-uu + $(INSTALL_DIR) $(1)/lib/modules/$(LINUX_VERSION) + $(CP) $(PKG_BUILD_DIR)/lnx/kaodv.$(LINUX_KMOD_SUFFIX) $(1)/lib/modules/$(LINUX_VERSION)/ +endef + +$(eval $(call BuildPackage,aodv-uu)) +$(eval $(call KernelPackage,aodv-uu)) diff --git a/net/aodv-uu/files/aodv-uu.modules b/net/aodv-uu/files/aodv-uu.modules new file mode 100644 index 0000000000..809c4da690 --- /dev/null +++ b/net/aodv-uu/files/aodv-uu.modules @@ -0,0 +1 @@ +kaodv diff --git a/net/aodv-uu/patches/001-normalize.patch b/net/aodv-uu/patches/001-normalize.patch new file mode 100644 index 0000000000..bdc6fdae4e --- /dev/null +++ b/net/aodv-uu/patches/001-normalize.patch 
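Review bot: The source tarball is fetched from `http://core.it.uu.se/core/files/` over plain HTTP and the only integrity check is `PKG_MD5SUM`, so a substituted download is guarded by an MD5 digest alone. The same applies to net/isakmpd/Makefile (`http://ftp.debian.org/debian/pool/main/i/isakmpd/` with `PKG_MD5SUM`), and net/ipsec-tools/Makefile also relies on MD5 only. If the build system at this revision accepts nothing stronger, I would at least record that next to the checksum, e.g. `# integrity: MD5 only, fetched over HTTP; re-verify against upstream's published digest on every version bump`.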
@@ -0,0 +1,64 @@ +Index: aodv-uu-0.9.3/lnx/Makefile +=================================================================== +--- aodv-uu-0.9.3.orig/lnx/Makefile 2007-06-04 13:22:19.859836128 +0200 ++++ aodv-uu-0.9.3/lnx/Makefile 2007-06-04 13:22:19.932825032 +0200 +@@ -30,7 +30,7 @@ + KCFLAGS=-Wall -Wno-strict-aliasing -O2 $(KDEFS) $(KINC) $(XDEFS) + KCFLAGS_ARM=-Wall -O2 -D__KERNEL__ -DMODULE -nostdinc $(shell $(ARM_CC) -print-search-dirs | sed -ne 's/install: \(.*\)/-I \1include/gp') -I$(KERNEL_INC) + KCFLAGS_MIPS=-Wall -mips2 -O2 -fno-pic -mno-abicalls -mlong-calls -G0 -msoft-float -D__KERNEL__ -DMODULE -nostdinc $(shell $(MIPS_CC) -print-search-dirs | sed -ne 's/install: \(.*\)/-I \1include/gp') -I$(KERNEL_INC) $(XDEFS) +- ++endif + .PHONY: clean clean-2.4 clean-2.6 indent default + + # Check for kernel version +@@ -89,5 +89,3 @@ + etags *.c *.h + indent: + indent -kr -i8 -ts8 -sob -l80 -ss -ncs *.c *.h +-endif +- +Index: aodv-uu-0.9.3/Makefile +=================================================================== +--- aodv-uu-0.9.3.orig/Makefile 2007-06-04 13:22:19.866835064 +0200 ++++ aodv-uu-0.9.3/Makefile 2007-06-04 13:22:19.932825032 +0200 +@@ -87,7 +87,7 @@ + mips: aodvd-mips kaodv-mips + + endian.h: +- $(CC) $(CFLAGS) -o endian endian.c ++ gcc -o endian endian.c + ./endian > endian.h + + $(OBJS): %.o: %.c Makefile +@@ -143,19 +143,18 @@ + @makedepend -Y./ -- $(DEFS) -- $(SRC) &>/dev/null + @makedepend -a -Y./ -- $(KDEFS) kaodv.c &>/dev/null + +-install: default +- install -s -m 755 aodvd /usr/sbin/aodvd +- @if [ ! 
-d /lib/modules/$(KERNEL)/aodv ]; then \ +- mkdir /lib/modules/$(KERNEL)/aodv; \ +- fi +- +- @echo "Installing kernel module in /lib/modules/$(KERNEL)/aodv/"; +- @if [ -f ./kaodv.ko ]; then \ +- install -m 644 kaodv.ko /lib/modules/$(KERNEL)/aodv/kaodv.ko; \ +- else \ +- install -m 644 kaodv.o /lib/modules/$(KERNEL)/aodv/kaodv.o; \ +- fi +- /sbin/depmod -a ++install: install-aodvd install-kaodv ++ ++install-aodvd: ++ @echo "Installing aodv in $(DESTDIR)/usr/sbin"; ++ install -d -m0755 $(DESTDIR)/usr/sbin/ ++ install -m0755 aodvd $(DESTDIR)/usr/sbin/aodvd ++ ++install-kaodv: ++ @echo "Installing kernel module in $(DESTDIR)/lib/modules/$(KERNEL)/"; ++ install -d -m0644 $(DESTDIR)/lib/modules/$(KERNEL)/ ++ install -m 644 lnx/kaodv.$(KMOD_SUFFIX) $(DESTDIR)/lib/modules/$(KERNEL)/kaodv.$(KMOD_SUFFIX); ++ + uninstall: + rm -f /usr/sbin/aodvd + rm -rf /lib/modules/$(KERNEL)/aodv diff --git a/net/aodv-uu/patches/002-linux_2.6.19_ip_route_me_harder_change.patch b/net/aodv-uu/patches/002-linux_2.6.19_ip_route_me_harder_change.patch new file mode 100644 index 0000000000..638de87ff7 --- /dev/null +++ b/net/aodv-uu/patches/002-linux_2.6.19_ip_route_me_harder_change.patch 
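Review bot: In the new `install-kaodv` target the module directory is created with `install -d -m0644`, which leaves it without any search (execute) bit, so unprivileged users cannot traverse into `$(DESTDIR)/lib/modules/$(KERNEL)/` afterwards. The sibling `install-aodvd` target already uses `-m0755` for its directory. I would change the line to `install -d -m0755 $(DESTDIR)/lib/modules/$(KERNEL)/` and keep `-m 644` for the module file only. The `uninstall` target visible as context still removes from `/usr/sbin` and `/lib/modules` without `$(DESTDIR)`, so it no longer mirrors the install targets.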
@@ -0,0 +1,49 @@
+Index: aodv-uu-0.9.3/lnx/kaodv-mod.c
+===================================================================
+--- aodv-uu-0.9.3.orig/lnx/kaodv-mod.c 2007-06-04 13:22:19.830840536 +0200
++++ aodv-uu-0.9.3/lnx/kaodv-mod.c 2007-06-04 13:22:20.130794936 +0200
+@@ -19,7 +19,7 @@
+ * Author: Erik Nordström,
+ *
+ *****************************************************************************/
+-#include
++#include
+ #include
+
+ #ifdef KERNEL26
+@@ -258,7 +258,11 @@
+ if (!(*skb))
+ return NF_STOLEN;
+
++#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,19)
++ ip_route_me_harder(skb, RTN_UNSPEC);
++#else
+ ip_route_me_harder(skb);
++#endif
+ }
+ break;
+ case NF_IP_POST_ROUTING:
+Index: aodv-uu-0.9.3/lnx/kaodv-queue.c
+===================================================================
+--- aodv-uu-0.9.3.orig/lnx/kaodv-queue.c 2007-06-04 13:22:19.837839472 +0200
++++ aodv-uu-0.9.3/lnx/kaodv-queue.c 2007-06-04 13:22:20.130794936 +0200
+@@ -29,6 +29,7 @@
+ #include
+ #include
+ #include
++#include
+ #include
+ #include
+ #include
+@@ -246,7 +247,11 @@
+ if (!entry->skb)
+ goto next;
+ }
++#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,19)
++ ip_route_me_harder(&entry->skb, RTN_UNSPEC);
++#else
+ ip_route_me_harder(&entry->skb);
++#endif
+
+ pkts++;
+
diff --git a/net/aodv-uu/patches/003-linux_2.6.19_security_netlink_recv_change.patch b/net/aodv-uu/patches/003-linux_2.6.19_security_netlink_recv_change.patch
new file mode 100644
index 0000000000..53d90643dc
--- /dev/null
+++ b/net/aodv-uu/patches/003-linux_2.6.19_security_netlink_recv_change.patch
@@ -0,0 +1,16 @@
+Index: aodv-uu-0.9.3/lnx/kaodv-netlink.c
+===================================================================
+--- aodv-uu-0.9.3.orig/lnx/kaodv-netlink.c 2007-06-04 13:22:19.810843576 +0200
++++ aodv-uu-0.9.3/lnx/kaodv-netlink.c 2007-06-04 13:22:20.326765144 +0200
+@@ -284,7 +284,11 @@
+ /* RCV_SKB_FAIL(-EINVAL); */
+
+ #ifdef KERNEL26
++# if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,19)
++ if (security_netlink_recv(skb, CAP_NET_ADMIN))
++# else
+ if (security_netlink_recv(skb))
++# endif
+ RCV_SKB_FAIL(-EPERM);
+ #endif
+ //write_lock_bh(&queue_lock);
diff --git a/net/aodv-uu/patches/004-linux_2.6.19_includes.patch b/net/aodv-uu/patches/004-linux_2.6.19_includes.patch
new file mode 100644
index 0000000000..8dc1adf013
--- /dev/null
+++ b/net/aodv-uu/patches/004-linux_2.6.19_includes.patch
@@ -0,0 +1,28 @@
+Index: aodv-uu-0.9.3/main.c
+===================================================================
+--- aodv-uu-0.9.3.orig/main.c 2007-06-04 13:22:19.782847832 +0200
++++ aodv-uu-0.9.3/main.c 2007-06-04 13:22:20.513736720 +0200
+@@ -26,6 +26,8 @@
+ #include
+ #include
+ #include
++#include
++#include
+ #include
+ #include
+ #include
+Index: aodv-uu-0.9.3/nl.c
+===================================================================
+--- aodv-uu-0.9.3.orig/nl.c 2007-06-04 13:22:19.789846768 +0200
++++ aodv-uu-0.9.3/nl.c 2007-06-04 13:22:20.513736720 +0200
+@@ -33,6 +33,10 @@
+ #include
+ #include
+ #include
++#include
++#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,19)
++#include
++#endif
+
+ #include "defs.h"
+ #include "lnx/kaodv-netlink.h"
diff --git a/net/aodv-uu/patches/005-linux_2.6.22_skbuff.patch b/net/aodv-uu/patches/005-linux_2.6.22_skbuff.patch
new file mode 100644
index 0000000000..0831c5f758
--- /dev/null
+++ b/net/aodv-uu/patches/005-linux_2.6.22_skbuff.patch
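Review bot: In 003-linux_2.6.19_security_netlink_recv_change.patch the capability check on incoming netlink messages stays inside `#ifdef KERNEL26`, so a build without KERNEL26 compiles no permission check at this point in the receive path, as far as the hunk shows. The patch only adapts the call to the 2.6.19 signature. If the 2.4 path is meant to be restricted as well it needs its own check; otherwise a comment such as `/* 2.4: no security_netlink_recv(); sender privileges are not checked here */` should say so. The enclosing function starts and ends outside the hunk, so an earlier check may exist that is not visible.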
@@ -0,0 +1,164 @@ +Index: aodv-uu-0.9.3/lnx/kaodv-compat.h +=================================================================== +--- /dev/null 1970-01-01 00:00:00.000000000 +0000 ++++ aodv-uu-0.9.3/lnx/kaodv-compat.h 2007-06-17 02:49:46.844217144 +0200 +@@ -0,0 +1,15 @@ ++#ifndef __KAODV_COMPAT_H ++#define __KAODV_COMPAT_H ++ ++#include ++#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,22) ++ ++#define ip_hdr(_skb) (_skb)->nh.iph ++#define skb_reset_network_header(_skb) do { \ ++ _skb->nh.iph = (struct iphdr *)_skb->data; \ ++ } while (0); ++ ++ ++#endif /* LINUX_VERSION_CODE < KERNEL_VERSION(2,6,22) */ ++ ++#endif +Index: aodv-uu-0.9.3/lnx/kaodv-ipenc.c +=================================================================== +--- aodv-uu-0.9.3.orig/lnx/kaodv-ipenc.c 2007-06-17 02:31:56.448941960 +0200 ++++ aodv-uu-0.9.3/lnx/kaodv-ipenc.c 2007-06-17 02:45:50.420159064 +0200 +@@ -64,7 +64,7 @@ + if (skb->sk != NULL) + skb_set_owner_w(nskb, skb->sk); + +- iph = skb->nh.iph; ++ iph = ip_hdr(skb); + + skb_put(nskb, sizeof(struct min_ipenc_hdr)); + +@@ -78,7 +78,8 @@ + skb = nskb; + + /* Update pointers */ +- iph = skb->nh.iph = (struct iphdr *)skb->data; ++ skb_reset_network_header(skb); ++ iph = (struct iphdr *)skb->data; + + ipe = (struct min_ipenc_hdr *)(skb->data + (iph->ihl << 2)); + +@@ -99,8 +100,8 @@ + + ip_send_check(iph); + +- if (skb->nh.iph->id == 0) +- ip_select_ident(skb->nh.iph, skb->dst, NULL); ++ if (ip_hdr(skb)->id == 0) ++ ip_select_ident(ip_hdr(skb), skb->dst, NULL); + + return skb; + } +@@ -108,9 +109,7 @@ + struct sk_buff *ip_pkt_decapsulate(struct sk_buff *skb) + { + struct min_ipenc_hdr *ipe; +- /* skb->nh.iph is probably not set yet */ +- struct iphdr *iph = skb->nh.iph; +- ++ struct iphdr *iph = ip_hdr(skb); + + ipe = (struct min_ipenc_hdr *)((char *)iph + (iph->ihl << 2)); + +@@ -123,8 +122,9 @@ + skb->len - (iph->ihl << 2) - sizeof(struct min_ipenc_hdr)); + + skb_trim(skb, skb->len - sizeof(struct min_ipenc_hdr)); +- +- skb->nh.iph = iph = (struct 
iphdr *)skb->data; ++ ++ skb_reset_network_header(skb); ++ iph = (struct iphdr *)skb->data; + + iph->tot_len = htons((ntohs(iph->tot_len) - sizeof(struct min_ipenc_hdr))); + ip_send_check(iph); +Index: aodv-uu-0.9.3/lnx/kaodv-ipenc.h +=================================================================== +--- aodv-uu-0.9.3.orig/lnx/kaodv-ipenc.h 2007-06-17 02:44:13.881835120 +0200 ++++ aodv-uu-0.9.3/lnx/kaodv-ipenc.h 2007-06-17 02:44:16.549429584 +0200 +@@ -27,6 +27,7 @@ + #include + #include + #include ++#include "kaodv-compat.h" + + #define IPPROTO_MIPE 55 + +Index: aodv-uu-0.9.3/lnx/kaodv-mod.c +=================================================================== +--- aodv-uu-0.9.3.orig/lnx/kaodv-mod.c 2007-06-17 02:43:33.776931992 +0200 ++++ aodv-uu-0.9.3/lnx/kaodv-mod.c 2007-06-17 02:43:39.008136728 +0200 +@@ -120,7 +120,7 @@ + const struct net_device *out, + int (*okfn) (struct sk_buff *)) + { +- struct iphdr *iph = (*skb)->nh.iph; ++ struct iphdr *iph = ip_hdr(*skb); + struct expl_entry e; + struct in_addr ifaddr, bcaddr; + int res = 0; +@@ -188,7 +188,7 @@ + if (is_gateway && iph->protocol == IPPROTO_MIPE && + iph->daddr == ifaddr.s_addr) { + ip_pkt_decapsulate(*skb); +- iph = (*skb)->nh.iph; ++ iph = ip_hdr(*skb); + return NF_ACCEPT; + } + /* Ignore packets generated locally or that are for this +Index: aodv-uu-0.9.3/lnx/kaodv-mod.h +=================================================================== +--- aodv-uu-0.9.3.orig/lnx/kaodv-mod.h 2007-06-17 02:44:32.498005032 +0200 ++++ aodv-uu-0.9.3/lnx/kaodv-mod.h 2007-06-17 02:44:34.662675952 +0200 +@@ -5,6 +5,7 @@ + #include + #include + #include ++#include "kaodv-compat.h" + + /* Interface information */ + struct if_info { +Index: aodv-uu-0.9.3/lnx/kaodv-queue.c +=================================================================== +--- aodv-uu-0.9.3.orig/lnx/kaodv-queue.c 2007-06-17 02:45:01.513593992 +0200 ++++ aodv-uu-0.9.3/lnx/kaodv-queue.c 2007-06-17 02:45:11.534070648 +0200 +@@ -152,7 +152,7 @@ + { + int 
status = -EINVAL; + struct kaodv_queue_entry *entry; +- struct iphdr *iph = skb->nh.iph; ++ struct iphdr *iph = ip_hdr(skb); + + entry = kmalloc(sizeof(*entry), GFP_ATOMIC); + +Index: aodv-uu-0.9.3/lnx/kaodv-queue.h +=================================================================== +--- aodv-uu-0.9.3.orig/lnx/kaodv-queue.h 2007-06-17 02:44:50.537262648 +0200 ++++ aodv-uu-0.9.3/lnx/kaodv-queue.h 2007-06-17 02:44:53.629792512 +0200 +@@ -21,6 +21,7 @@ + *****************************************************************************/ + #ifndef _KAODV_QUEUE_H + #define _KAODV_QUEUE_H ++#include "kaodv-compat.h" + + #define KAODV_QUEUE_DROP 1 + #define KAODV_QUEUE_SEND 2 +Index: aodv-uu-0.9.3/lnx/kaodv-netlink.c +=================================================================== +--- aodv-uu-0.9.3.orig/lnx/kaodv-netlink.c 2007-06-17 02:47:48.927143264 +0200 ++++ aodv-uu-0.9.3/lnx/kaodv-netlink.c 2007-06-17 02:49:11.604574384 +0200 +@@ -338,8 +338,10 @@ + netlink_register_notifier(&kaodv_nl_notifier); + #if (LINUX_VERSION_CODE < KERNEL_VERSION(2,6,14)) + kaodvnl = netlink_kernel_create(NETLINK_AODV, kaodv_netlink_rcv_sk); +-#else ++#elif (LINUX_VERSION_CODE < KERNEL_VERSION(2,6,22)) + kaodvnl = netlink_kernel_create(NETLINK_AODV, AODVGRP_MAX, kaodv_netlink_rcv_sk, THIS_MODULE); ++#else ++ kaodvnl = netlink_kernel_create(NETLINK_AODV, AODVGRP_MAX, kaodv_netlink_rcv_sk, NULL, THIS_MODULE); + #endif + if (kaodvnl == NULL) { + printk(KERN_ERR "kaodv_netlink: failed to create netlink socket\n"); diff --git a/net/ipsec-tools/Makefile b/net/ipsec-tools/Makefile new file mode 100644 index 0000000000..0f24ae12ee --- /dev/null +++ b/net/ipsec-tools/Makefile 
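Review bot: The compat macro `skb_reset_network_header` in the new lnx/kaodv-compat.h ends in `while (0);` and uses its argument `_skb` unparenthesised. The trailing semicolon makes `if (x) skb_reset_network_header(skb); else ...` fail to compile, and an argument such as `*skb` (the form kaodv-mod.c passes to `ip_hdr`) would expand to `*skb->nh.iph`, which is a different expression. I would write it as `#define skb_reset_network_header(_skb) do { (_skb)->nh.iph = (struct iphdr *)(_skb)->data; } while (0)`. The guard name `__KAODV_COMPAT_H` also sits in the reserved identifier space; `KAODV_COMPAT_H` avoids that.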
@@ -0,0 +1,86 @@ +# +# Copyright (C) 2006 OpenWrt.org +# +# This is free software, licensed under the GNU General Public License v2. +# See /LICENSE for more information. +# +# $Id$ + +include $(TOPDIR)/rules.mk +include $(INCLUDE_DIR)/kernel.mk + +PKG_NAME:=ipsec-tools +PKG_VERSION:=0.7 +PKG_RELEASE:=1 + +PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2 +PKG_SOURCE_URL:=@SF/ipsec-tools +PKG_MD5SUM:=c0a586924edde35264ecfe94ad1c261f + +include $(INCLUDE_DIR)/package.mk + +define Package/ipsec-tools + SECTION:=net + CATEGORY:=Network + DEPENDS:=@LINUX_2_6 +libopenssl + TITLE:=IPsec management tools + URL:=http://ipsec-tools.sourceforge.net/ +endef + +CONFIGURE_ARGS += \ + --enable-shared \ + --enable-static \ + --with-kernel-headers="$(LINUX_DIR)/include" \ + --without-readline \ + --with-openssl="$(STAGING_DIR)/usr" \ + --without-libradius \ + --without-libpam \ + --enable-dpd \ + --enable-hybrid \ + --enable-security-context=no \ + --enable-natt \ + --enable-adminport \ + --enable-ipv6 + +define Build/Configure + (cd $(PKG_BUILD_DIR); touch \ + configure.ac \ + aclocal.m4 \ + Makefile.in \ + config.h.in \ + configure \ + ); + $(call Build/Configure/Default) + echo "#undef HAVE_SHADOW_H" >> $(PKG_BUILD_DIR)/config.h +endef + +# override CFLAGS holding "-Werror" that break builds on compile warnings +define Build/Compile + $(MAKE) -C $(PKG_BUILD_DIR) \ + DESTDIR="$(PKG_INSTALL_DIR)" \ + CFLAGS="$(TARGET_CFLAGS)" \ + all install +endef + +define Package/ipsec-tools/install + $(INSTALL_DIR) $(1)/etc + $(INSTALL_CONF) $(PKG_BUILD_DIR)/src/racoon/samples/racoon.conf $(1)/etc/ + $(SED) 's|@sysconfdir_x@|/etc|g' $(1)/etc/racoon.conf + $(INSTALL_DIR) $(1)/etc/racoon + $(INSTALL_CONF) $(PKG_BUILD_DIR)/src/racoon/samples/psk.txt $(1)/etc/racoon/ + $(INSTALL_DIR) $(1)/usr/lib + $(CP) $(PKG_INSTALL_DIR)/usr/lib/libipsec.so.* $(1)/usr/lib/ + $(CP) $(PKG_INSTALL_DIR)/usr/lib/libracoon.so.* $(1)/usr/lib/ + $(INSTALL_DIR) $(1)/usr/sbin + $(INSTALL_BIN) 
$(PKG_INSTALL_DIR)/usr/sbin/plainrsa-gen $(1)/usr/sbin/ + $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/sbin/racoon $(1)/usr/sbin/ + $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/sbin/racoonctl $(1)/usr/sbin/ + $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/sbin/setkey $(1)/usr/sbin/ +endef + +define Package/ipsec-tools/conffiles +/etc/racoon.conf +/etc/racoon/psk.txt +endef + +$(eval $(call BuildPackage,ipsec-tools)) diff --git a/net/ipsec-tools/patches/001-no_libfl.patch b/net/ipsec-tools/patches/001-no_libfl.patch new file mode 100644 index 0000000000..8abc9a07ed --- /dev/null +++ b/net/ipsec-tools/patches/001-no_libfl.patch @@ -0,0 +1,26 @@ +Index: ipsec-tools-0.6.6/src/racoon/cftoken.l +=================================================================== +--- ipsec-tools-0.6.6.orig/src/racoon/cftoken.l 2007-06-04 13:22:36.567296208 +0200 ++++ ipsec-tools-0.6.6/src/racoon/cftoken.l 2007-06-04 13:22:36.646284200 +0200 +@@ -105,6 +105,8 @@ + static int incstackp = 0; + + static int yy_first_time = 1; ++ ++int yywrap(void) { return 1; } + %} + + /* common seciton */ +Index: ipsec-tools-0.6.6/src/setkey/token.l +=================================================================== +--- ipsec-tools-0.6.6.orig/src/setkey/token.l 2007-06-04 13:22:36.575294992 +0200 ++++ ipsec-tools-0.6.6/src/setkey/token.l 2007-06-04 13:22:36.646284200 +0200 +@@ -84,6 +84,8 @@ + #ifndef SADB_X_EALG_AESCTR + #define SADB_X_EALG_AESCTR (-1) + #endif ++ ++int yywrap(void) { return 1; } + %} + + /* common section */ diff --git a/net/ipsec-tools/patches/002-configure_cppflags_typo.patch b/net/ipsec-tools/patches/002-configure_cppflags_typo.patch new file mode 100644 index 0000000000..407c67ecee --- /dev/null +++ b/net/ipsec-tools/patches/002-configure_cppflags_typo.patch 
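Review bot: `Package/ipsec-tools/install` copies `src/racoon/samples/psk.txt` and the sample `racoon.conf` straight into the image and lists both under conffiles, so every device starts with upstream's sample pre-shared-key file as its live `/etc/racoon/psk.txt`. Any key material in that sample is public, and a user who enables racoon without editing the file would be authenticating with it. I would ship an empty or comment-only psk.txt from `./files/` instead, and add a comment above the install line such as `# psk.txt must contain site-specific keys only; never ship upstream's sample entries`. The mode that `$(INSTALL_CONF)` applies is not visible in this hunk, so it is worth confirming that the file ends up readable by its owner only.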
@@ -0,0 +1,26 @@ +Index: ipsec-tools-0.6.6/configure.ac +=================================================================== +--- ipsec-tools-0.6.6.orig/configure.ac 2007-06-04 13:22:36.540300312 +0200 ++++ ipsec-tools-0.6.6/configure.ac 2007-06-04 13:22:36.841254560 +0200 +@@ -183,7 +183,7 @@ + + if test "x$crypto_dir" != "x"; then + LIBS="$LIBS -L${crypto_dir}/lib" +- CPPFLAGS="-I${crypto_dir}/include $CPPLAGS" ++ CPPFLAGS="-I${crypto_dir}/include $CPPFLAGS" + fi + AC_MSG_CHECKING(openssl version) + +Index: ipsec-tools-0.6.6/configure +=================================================================== +--- ipsec-tools-0.6.6.orig/configure 2007-06-04 13:22:36.547299248 +0200 ++++ ipsec-tools-0.6.6/configure 2007-06-04 13:22:36.850253192 +0200 +@@ -23687,7 +23687,7 @@ + + if test "x$crypto_dir" != "x"; then + LIBS="$LIBS -L${crypto_dir}/lib" +- CPPFLAGS="-I${crypto_dir}/include $CPPLAGS" ++ CPPFLAGS="-I${crypto_dir}/include $CPPFLAGS" + fi + echo "$as_me:$LINENO: checking openssl version" >&5 + echo $ECHO_N "checking openssl version... $ECHO_C" >&6 diff --git a/net/ipsec-tools/patches/003-linux_2.6.19_rtnetlink_changes.diff b/net/ipsec-tools/patches/003-linux_2.6.19_rtnetlink_changes.diff new file mode 100644 index 0000000000..52d092e6ce --- /dev/null +++ b/net/ipsec-tools/patches/003-linux_2.6.19_rtnetlink_changes.diff 
@@ -0,0 +1,22 @@ +Index: ipsec-tools-0.6.6/src/racoon/grabmyaddr.c +=================================================================== +--- ipsec-tools-0.6.6.orig/src/racoon/grabmyaddr.c 2007-06-04 13:22:36.521303200 +0200 ++++ ipsec-tools-0.6.6/src/racoon/grabmyaddr.c 2007-06-04 13:22:37.064220664 +0200 +@@ -77,10 +77,17 @@ + #ifdef __linux__ + #include + #include ++#include ++#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,19) ++# include ++#endif + #ifndef HAVE_GETIFADDRS + #define HAVE_GETIFADDRS + #define NEED_LINUX_GETIFADDRS + #endif ++#ifndef IFA_RTA ++# define IFA_RTA(r) ((struct rtattr*)(((char*)(r)) + NLMSG_ALIGN(sizeof(struct ifaddrmsg)))) ++#endif + #endif + + #ifndef HAVE_GETIFADDRS diff --git a/net/isakmpd/Makefile b/net/isakmpd/Makefile new file mode 100644 index 0000000000..4214fdb96c --- /dev/null +++ b/net/isakmpd/Makefile 
@@ -0,0 +1,51 @@ +# +# Copyright (C) 2006 OpenWrt.org +# +# This is free software, licensed under the GNU General Public License v2. +# See /LICENSE for more information. +# +# $Id$ + +include $(TOPDIR)/rules.mk + +PKG_NAME:=isakmpd +PKG_VERSION:=20041012 +PKG_RELEASE:=1 + +PKG_SOURCE:=$(PKG_NAME)_$(PKG_VERSION).orig.tar.gz +PKG_SOURCE_URL:=http://ftp.debian.org/debian/pool/main/i/isakmpd/ +PKG_MD5SUM:=e6d25a9e232fb186e1a48dc06453bd57 + +PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)-$(PKG_VERSION).orig + +include $(INCLUDE_DIR)/package.mk +include $(INCLUDE_DIR)/kernel.mk + +define Package/isakmpd + SECTION:=net + CATEGORY:=Network + DEPENDS:=@LINUX_2_6 +libopenssl +keynote +libgmp + TITLE:=IPsec management tools + URL:=http://isakmpd.sourceforge.net/ +endef + +define Build/Compile + CFLAGS="$(TARGET_CFLAGS)" \ + $(MAKE) -C $(PKG_BUILD_DIR) \ + $(TARGET_CONFIGURE_OPTS) \ + LINUX_DIR="$(LINUX_DIR)" \ + EXTRA_CPPFLAGS="$(TARGET_CPPFLAGS) -I$(STAGING_DIR)/usr/include/openssl -I$(STAGING_DIR)/usr/include/keynote" \ + EXTRA_LDFLAGS="$(TARGET_LDFLAGS)" + + $(MAKE) -C $(PKG_BUILD_DIR) \ + DESTDIR="$(PKG_INSTALL_DIR)" \ + INSTALL="install -c" \ + install-bin +endef + +define Package/isakmpd/install + $(INSTALL_DIR) $(1)/usr/sbin + $(CP) $(PKG_INSTALL_DIR)/* $(1)/ +endef + +$(eval $(call BuildPackage,isakmpd)) diff --git a/net/isakmpd/patches/010-debian_3.patch b/net/isakmpd/patches/010-debian_3.patch new file mode 100644 index 0000000000..0f50cf9c07 --- /dev/null +++ b/net/isakmpd/patches/010-debian_3.patch 
@@ -0,0 +1,1753 @@ +Index: isakmpd-20041012.orig/dpd.c +=================================================================== +--- isakmpd-20041012.orig.orig/dpd.c 2007-06-04 13:22:39.088912864 +0200 ++++ isakmpd-20041012.orig/dpd.c 2007-06-04 13:22:39.282883376 +0200 +@@ -26,6 +26,7 @@ + + #include + #include ++#include + + #include "sysdep.h" + +@@ -174,6 +175,7 @@ + } + break; + default: ++ ; + } + + /* Mark handled. */ +@@ -223,6 +225,7 @@ + dpd_check_event, sa, &tv); + break; + default: ++ ; + } + if (!sa->dpd_event) + log_print("dpd_timer_reset: timer_add_event failed"); +Index: isakmpd-20041012.orig/ipsec.c +=================================================================== +--- isakmpd-20041012.orig.orig/ipsec.c 2007-06-04 13:22:39.093912104 +0200 ++++ isakmpd-20041012.orig/ipsec.c 2007-06-04 13:22:39.283883224 +0200 +@@ -1020,6 +1020,52 @@ + } + } + ++/* ++ * deal with a NOTIFY of INVALID_SPI ++ */ ++static void ++ipsec_invalid_spi (struct message *msg, struct payload *p) ++{ ++ struct sockaddr *dst; ++ int invspisz, off; ++ u_int32_t spi; ++ u_int16_t totsiz; ++ u_int8_t spisz; ++ ++ /* Any notification that make us do something should be protected */ ++ if(!TAILQ_FIRST (&msg->payload[ISAKMP_PAYLOAD_HASH])) ++ { ++ LOG_DBG ((LOG_SA, 40, ++ "ipsec_invalid_spi: missing HASH payload in INVALID_SPI" ++ " notification")); ++ return; ++ } ++ ++ /* ++ * get the invalid spi out of the variable sized notification data ++ * field, which is after the variable sized SPI field [which specifies ++ * the receiving entity's phase-1 SPI, not the invalid spi] ++ */ ++ totsiz = GET_ISAKMP_GEN_LENGTH (p->p); ++ spisz = GET_ISAKMP_NOTIFY_SPI_SZ (p->p); ++ off = ISAKMP_NOTIFY_SPI_OFF + spisz; ++ invspisz = totsiz - off; ++ ++ if (invspisz != sizeof spi) ++ { ++ LOG_DBG ((LOG_SA, 40, ++ "ipsec_invalid_spi: SPI size %d in INVALID_SPI " ++ "payload unsupported", spisz)); ++ return; ++ } ++ memcpy (&spi, p->p + off, sizeof spi); ++ ++ msg->transport->vtbl->get_dst (msg->transport, 
&dst); ++ ++ /* delete matching SPI's from this peer */ ++ ipsec_delete_spi_list (dst, 0, (u_int8_t *)&spi, 1, "INVALID_SPI"); ++} ++ + static int + ipsec_responder(struct message *msg) + { +@@ -1205,7 +1251,9 @@ + return dv != IPSEC_ENCAP_TUNNEL + && dv != IPSEC_ENCAP_TRANSPORT + && dv != IPSEC_ENCAP_UDP_ENCAP_TUNNEL +- && dv != IPSEC_ENCAP_UDP_ENCAP_TRANSPORT; ++ && dv != IPSEC_ENCAP_UDP_ENCAP_TRANSPORT ++ && dv != IPSEC_ENCAP_UDP_ENCAP_TUNNEL_DRAFT ++ && dv != IPSEC_ENCAP_UDP_ENCAP_TRANSPORT_DRAFT; + #else + return dv < IPSEC_ENCAP_TUNNEL + || dv > IPSEC_ENCAP_TRANSPORT; +@@ -1837,7 +1885,7 @@ + ipsec_get_id(char *section, int *id, struct sockaddr **addr, + struct sockaddr **mask, u_int8_t *tproto, u_int16_t *port) + { +- char *type, *address, *netmask; ++ char *type, *address, *netmask; + + type = conf_get_str(section, "ID-type"); + if (!type) { +Index: isakmpd-20041012.orig/GNUmakefile +=================================================================== +--- isakmpd-20041012.orig.orig/GNUmakefile 2007-06-04 13:22:39.099911192 +0200 ++++ isakmpd-20041012.orig/GNUmakefile 2007-06-04 13:22:39.283883224 +0200 +@@ -40,12 +40,12 @@ + # integrated, freebsd/netbsd means FreeBSD/NetBSD with KAME IPsec. + # darwin means MacOS X 10.2 and later with KAME IPsec. linux means Linux-2.5 + # and later with native IPSec support. +-OS= openbsd ++#OS= openbsd + #OS= netbsd + #OS= freebsd + #OS= freeswan + #OS= darwin +-#OS= linux ++OS= linux + + .CURDIR:= $(shell pwd) + VPATH= ${.CURDIR}/sysdep/${OS} +@@ -55,9 +55,10 @@ + ifndef BINDIR + BINDIR= /sbin + endif +-ifndef LDSTATIC +-LDSTATIC= -static +-endif ++ ++#ifndef LDSTATIC ++#LDSTATIC= -static ++#endif + + SRCS= app.c attribute.c cert.c connection.c \ + constants.c conf.c cookie.c crypto.c dh.c doi.c exchange.c \ +@@ -131,11 +132,14 @@ + ifneq ($(findstring install,$(MAKECMDGOALS)),install) + # Skip 'regress' until the regress/ structure has gmake makefiles for it. 
+ #SUBDIR:= regress +-SUBDIR:= ++#SUBDIR:= apps/certpatch + mksubdirs: + $(foreach DIR, ${SUBDIR}, \ +- cd ${DIR}; ${MAKE} ${MAKEFLAGS} CFLAGS="${CFLAGS}" \ +- MKDEP="${MKDEP}" ${MAKECMDGOALS}) ++ cd ${.CURDIR}/${DIR}; ${MAKE} ${MAKECMDGOALS};) ++ ++# $(foreach DIR, ${SUBDIR}, \ ++# cd ${DIR}; ${MAKE} CFLAGS="${CFLAGS}" \ ++# MKDEP="${MKDEP}" ${MAKECMDGOALS}) + else + mksubdirs: + endif +@@ -173,7 +177,7 @@ + endif + + SRCS+= ${IPSEC_SRCS} ${X509} ${POLICY} ${EC} ${AGGRESSIVE} ${DNSSEC} \ +- $(ISAKMP_CFG) ++ $(ISAKMP_CFG) ${DPD} ${NAT_TRAVERSAL} + CFLAGS+= ${IPSEC_CFLAGS} + LDADD+= ${DESLIB} + DPADD+= ${DESLIBDEP} +Index: isakmpd-20041012.orig/exchange.h +=================================================================== +--- isakmpd-20041012.orig.orig/exchange.h 2007-06-04 13:22:39.104910432 +0200 ++++ isakmpd-20041012.orig/exchange.h 2007-06-04 13:22:39.283883224 +0200 +@@ -221,6 +221,8 @@ + #define EXCHANGE_FLAG_NAT_T_ENABLE 0x10 /* We are doing NAT-T. */ + #define EXCHANGE_FLAG_NAT_T_KEEPALIVE 0x20 /* We are the NAT:ed peer. */ + #define EXCHANGE_FLAG_DPD_CAP_PEER 0x40 /* Peer is DPD capable. */ ++#define EXCHANGE_FLAG_NAT_T_RFC 0x0080 /* Peer does RFC NAT-T. 
*/ ++#define EXCHANGE_FLAG_NAT_T_DRAFT 0x0100 /* Peer does draft NAT-T.*/ + + extern int exchange_add_certs(struct message *); + extern void exchange_finalize(struct message *); +Index: isakmpd-20041012.orig/log.c +=================================================================== +--- isakmpd-20041012.orig.orig/log.c 2007-06-04 13:22:39.110909520 +0200 ++++ isakmpd-20041012.orig/log.c 2007-06-04 13:22:39.284883072 +0200 +@@ -79,7 +79,6 @@ + + struct packhdr { + struct pcap_pkthdr pcap;/* pcap file packet header */ +- u_int32_t sa_family; /* address family */ + union { + struct ip ip4; /* IPv4 header (w/o options) */ + struct ip6_hdr ip6; /* IPv6 header */ +@@ -97,7 +96,7 @@ + static u_int8_t *packet_buf = NULL; + + static int udp_cksum(struct packhdr *, const struct udphdr *, +- u_int16_t *); ++ u_int16_t *, int); + static u_int16_t in_cksum(const u_int16_t *, int); + #endif /* USE_DEBUG */ + +@@ -539,11 +538,9 @@ + udp.uh_ulen = htons(datalen); + + /* ip */ +- hdr.sa_family = htonl(src->sa_family); + switch (src->sa_family) { + default: + /* Assume IPv4. XXX Can 'default' ever happen here? */ +- hdr.sa_family = htonl(AF_INET); + hdr.ip.ip4.ip_src.s_addr = 0x02020202; + hdr.ip.ip4.ip_dst.s_addr = 0x01010101; + /* The rest of the setup is common to AF_INET. */ +@@ -584,9 +581,7 @@ + } + + /* Calculate UDP checksum. */ +- udp.uh_sum = udp_cksum(&hdr, &udp, (u_int16_t *) packet_buf); +- hdrlen += sizeof hdr.sa_family; +- ++ udp.uh_sum = udp_cksum(&hdr, &udp, (u_int16_t *) packet_buf, src->sa_family); + /* pcap file packet header */ + gettimeofday(&tv, 0); + hdr.pcap.ts.tv_sec = tv.tv_sec; +@@ -610,7 +605,7 @@ + + /* Copied from tcpdump/print-udp.c, mostly rewritten. */ + static int +-udp_cksum(struct packhdr *hdr, const struct udphdr *u, u_int16_t *d) ++udp_cksum(struct packhdr *hdr, const struct udphdr *u, u_int16_t *d, int af) + { + struct ip *ip4; + struct ip6_hdr *ip6; +@@ -639,7 +634,7 @@ + + /* Setup pseudoheader. 
*/ + memset(phu.pa, 0, sizeof phu); +- switch (ntohl(hdr->sa_family)) { ++ switch (af) { + case AF_INET: + ip4 = &hdr->ip.ip4; + memcpy(&phu.ip4p.src, &ip4->ip_src, sizeof(struct in_addr)); +@@ -664,7 +659,7 @@ + + /* IPv6 wants a 0xFFFF checksum "on error", not 0x0. */ + if (tlen < 0) +- return (ntohl(hdr->sa_family) == AF_INET ? 0 : 0xFFFF); ++ return (af == AF_INET ? 0 : 0xFFFF); + + sum = 0; + for (i = 0; i < hdrlen; i += 2) +Index: isakmpd-20041012.orig/nat_traversal.c +=================================================================== +--- isakmpd-20041012.orig.orig/nat_traversal.c 2007-06-04 13:22:39.115908760 +0200 ++++ isakmpd-20041012.orig/nat_traversal.c 2007-06-04 13:22:39.284883072 +0200 +@@ -1,4 +1,4 @@ +-/* $OpenBSD: nat_traversal.c,v 1.7 2004/08/08 19:11:06 deraadt Exp $ */ ++/* $OpenBSD: nat_traversal.c,v 1.17 2006/06/14 14:03:33 hshoexer Exp $ */ + + /* + * Copyright (c) 2004 HÃ¥kan Olsson. All rights reserved. +@@ -48,40 +48,40 @@ + #include "util.h" + #include "virtual.h" + ++int disable_nat_t = 0; ++ + /* +- * XXX According to draft-ietf-ipsec-nat-t-ike-07.txt, the NAT-T +- * capability of the other peer is determined by a particular vendor ID +- * sent as the first message. This vendor ID string is supposed to be a +- * MD5 hash of "RFC XXXX", where XXXX is the future RFC number. ++ * NAT-T capability of the other peer is determined by a particular vendor ++ * ID sent in the first message. This vendor ID string is supposed to be a ++ * MD5 hash of "RFC 3947". + * + * These seem to be the "well" known variants of this string in use by + * products today. 
+ */ +-static const char *isakmp_nat_t_cap_text[] = { +- "draft-ietf-ipsec-nat-t-ike-00", /* V1 (XXX: may be obsolete) */ +- "draft-ietf-ipsec-nat-t-ike-02\n", /* V2 */ +- "draft-ietf-ipsec-nat-t-ike-03", /* V3 */ +-#ifdef notyet +- "RFC XXXX", +-#endif ++ ++static struct nat_t_cap isakmp_nat_t_cap[] = { ++ { VID_DRAFT_V2_N, EXCHANGE_FLAG_NAT_T_DRAFT, ++ "draft-ietf-ipsec-nat-t-ike-02\n", NULL, 0 }, ++ { VID_DRAFT_V3, EXCHANGE_FLAG_NAT_T_DRAFT, ++ "draft-ietf-ipsec-nat-t-ike-03", NULL, 0 }, ++ { VID_RFC3947, EXCHANGE_FLAG_NAT_T_RFC, ++ "RFC 3947", NULL, 0 }, + }; + ++#define NUMNATTCAP (sizeof isakmp_nat_t_cap / sizeof isakmp_nat_t_cap[0]) ++ + /* In seconds. Recommended in draft-ietf-ipsec-udp-encaps-09. */ + #define NAT_T_KEEPALIVE_INTERVAL 20 + +-/* The MD5 hashes of the above strings is put in this array. */ +-static char **nat_t_hashes; +-static size_t nat_t_hashsize; +- + static int nat_t_setup_hashes(void); +-static int nat_t_add_vendor_payload(struct message *, char *); ++static int nat_t_add_vendor_payload(struct message *, struct nat_t_cap *); + static int nat_t_add_nat_d(struct message *, struct sockaddr *); + static int nat_t_match_nat_d_payload(struct message *, struct sockaddr *); + + void + nat_t_init(void) + { +- nat_t_hashes = (char **)NULL; ++ nat_t_setup_hashes(); + } + + /* Generate the NAT-T capability marker hashes. Executed only once. */ +@@ -89,7 +89,7 @@ + nat_t_setup_hashes(void) + { + struct hash *hash; +- int n = sizeof isakmp_nat_t_cap_text / sizeof isakmp_nat_t_cap_text[0]; ++ int n = NUMNATTCAP; + int i; + + /* The draft says to use MD5. */ +@@ -100,56 +100,49 @@ + "could not find MD5 hash structure!"); + return -1; + } +- nat_t_hashsize = hash->hashsize; + +- /* Allocate one more than is necessary, i.e NULL terminated. 
*/ +- nat_t_hashes = (char **)calloc((size_t)(n + 1), sizeof(char *)); +- if (!nat_t_hashes) { +- log_error("nat_t_setup_hashes: calloc (%lu,%lu) failed", +- (unsigned long)n, (unsigned long)sizeof(char *)); +- return -1; +- } +- +- /* Populate with hashes. */ ++ /* Populate isakmp_nat_t_cap with hashes. */ + for (i = 0; i < n; i++) { +- nat_t_hashes[i] = (char *)malloc(nat_t_hashsize); +- if (!nat_t_hashes[i]) { ++ isakmp_nat_t_cap[i].hashsize = hash->hashsize; ++ isakmp_nat_t_cap[i].hash = (char *)malloc(hash->hashsize); ++ if (!isakmp_nat_t_cap[i].hash) { + log_error("nat_t_setup_hashes: malloc (%lu) failed", +- (unsigned long)nat_t_hashsize); ++ (unsigned long)hash->hashsize); + goto errout; + } + + hash->Init(hash->ctx); + hash->Update(hash->ctx, +- (unsigned char *)isakmp_nat_t_cap_text[i], +- strlen(isakmp_nat_t_cap_text[i])); +- hash->Final(nat_t_hashes[i], hash->ctx); ++ (unsigned char *)isakmp_nat_t_cap[i].text, ++ strlen(isakmp_nat_t_cap[i].text)); ++ hash->Final(isakmp_nat_t_cap[i].hash, hash->ctx); + + LOG_DBG((LOG_EXCHANGE, 50, "nat_t_setup_hashes: " +- "MD5(\"%s\") (%lu bytes)", isakmp_nat_t_cap_text[i], +- (unsigned long)nat_t_hashsize)); ++ "MD5(\"%s\") (%lu bytes)", isakmp_nat_t_cap[i].text, ++ (unsigned long)hash->hashsize)); + LOG_DBG_BUF((LOG_EXCHANGE, 50, "nat_t_setup_hashes", +- nat_t_hashes[i], nat_t_hashsize)); ++ isakmp_nat_t_cap[i].hash, hash->hashsize)); + } + + return 0; + +- errout: ++errout: + for (i = 0; i < n; i++) +- if (nat_t_hashes[i]) +- free(nat_t_hashes[i]); +- free(nat_t_hashes); +- nat_t_hashes = NULL; ++ if (isakmp_nat_t_cap[i].hash) ++ free(isakmp_nat_t_cap[i].hash); + return -1; + } + + /* Add one NAT-T VENDOR payload. 
*/ + static int +-nat_t_add_vendor_payload(struct message *msg, char *hash) ++nat_t_add_vendor_payload(struct message *msg, struct nat_t_cap *cap) + { +- size_t buflen = nat_t_hashsize + ISAKMP_GEN_SZ; ++ size_t buflen = cap->hashsize + ISAKMP_GEN_SZ; + u_int8_t *buf; + ++ if (disable_nat_t) ++ return 0; ++ + buf = malloc(buflen); + if (!buf) { + log_error("nat_t_add_vendor_payload: malloc (%lu) failed", +@@ -158,12 +151,11 @@ + } + + SET_ISAKMP_GEN_LENGTH(buf, buflen); +- memcpy(buf + ISAKMP_VENDOR_ID_OFF, hash, nat_t_hashsize); ++ memcpy(buf + ISAKMP_VENDOR_ID_OFF, cap->hash, cap->hashsize); + if (message_add_payload(msg, ISAKMP_PAYLOAD_VENDOR, buf, buflen, 1)) { + free(buf); + return -1; + } +- + return 0; + } + +@@ -171,16 +163,14 @@ + int + nat_t_add_vendor_payloads(struct message *msg) + { +- int i = 0; ++ int i; + +- if (!nat_t_hashes) +- if (nat_t_setup_hashes()) +- return 0; /* XXX should this be an error? */ ++ if (disable_nat_t) ++ return 0; + +- while (nat_t_hashes[i]) +- if (nat_t_add_vendor_payload(msg, nat_t_hashes[i++])) ++ for (i = 0; i < NUMNATTCAP; i++) ++ if (nat_t_add_vendor_payload(msg, &isakmp_nat_t_cap[i])) + return -1; +- + return 0; + } + +@@ -192,36 +182,31 @@ + { + u_int8_t *pbuf = p->p; + size_t vlen; +- int i = 0; ++ int i; + +- /* Already checked? 
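Review bot: The `errout:` path frees each `isakmp_nat_t_cap[i].hash` but leaves the stale pointer and `hashsize` in the static table, whereas the removed code reset `nat_t_hashes` to `NULL`. The table outlives the function, so a later `memcpy` from `cap->hash` or `memcmp` against `isakmp_nat_t_cap[i].hash` would read freed memory. Clear each entry as it is released: `free(isakmp_nat_t_cap[i].hash); isakmp_nat_t_cap[i].hash = NULL; isakmp_nat_t_cap[i].hashsize = 0;` (the `if` guard before `free` is not needed). `nat_t_setup_hashes()` begins above this hunk.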
*/ +- if (p->flags & PL_MARK || +- msg->exchange->flags & EXCHANGE_FLAG_NAT_T_CAP_PEER) ++ if (disable_nat_t) + return; + +- if (!nat_t_hashes) +- if (nat_t_setup_hashes()) +- return; +- + vlen = GET_ISAKMP_GEN_LENGTH(pbuf) - ISAKMP_GEN_SZ; +- if (vlen != nat_t_hashsize) { +- LOG_DBG((LOG_EXCHANGE, 50, "nat_t_check_vendor_payload: " +- "bad size %lu != %lu", (unsigned long)vlen, +- (unsigned long)nat_t_hashsize)); +- return; +- } + +- while (nat_t_hashes[i]) +- if (memcmp(nat_t_hashes[i++], pbuf + ISAKMP_GEN_SZ, ++ for (i = 0; i < NUMNATTCAP; i++) { ++ if (vlen != isakmp_nat_t_cap[i].hashsize) { ++ LOG_DBG((LOG_EXCHANGE, 50, "nat_t_check_vendor_payload: " ++ "bad size %lu != %lu", (unsigned long)vlen, ++ (unsigned long)isakmp_nat_t_cap[i].hashsize)); ++ continue; ++ } ++ if (memcmp(isakmp_nat_t_cap[i].hash, pbuf + ISAKMP_GEN_SZ, + vlen) == 0) { + /* This peer is NAT-T capable. */ + msg->exchange->flags |= EXCHANGE_FLAG_NAT_T_CAP_PEER; ++ msg->exchange->flags |= isakmp_nat_t_cap[i].flags; + LOG_DBG((LOG_EXCHANGE, 10, + "nat_t_check_vendor_payload: " + "NAT-T capable peer detected")); + p->flags |= PL_MARK; +- return; + } ++ } + + return; + } +@@ -233,10 +218,8 @@ + { + struct ipsec_exch *ie = (struct ipsec_exch *)msg->exchange->data; + struct hash *hash; +- struct prf *prf; + u_int8_t *res; + in_port_t port; +- int prf_type = PRF_HMAC; /* XXX */ + + hash = hash_get(ie->hash->type); + if (hash == NULL) { +@@ -244,31 +227,25 @@ + return NULL; + } + +- prf = prf_alloc(prf_type, hash->type, msg->exchange->cookies, +- ISAKMP_HDR_COOKIES_LEN); +- if(!prf) { +- log_print("nat_t_generate_nat_d_hash: prf_alloc failed"); +- return NULL; +- } ++ *hashlen = hash->hashsize; + +- *hashlen = prf->blocksize; + res = (u_int8_t *)malloc((unsigned long)*hashlen); + if (!res) { + log_print("nat_t_generate_nat_d_hash: malloc (%lu) failed", + (unsigned long)*hashlen); +- prf_free(prf); + *hashlen = 0; + return NULL; + } + + port = sockaddr_port(sa); +- memset(res, 0, *hashlen); +- +- 
prf->Update(prf->prfctx, sockaddr_addrdata(sa), sockaddr_addrlen(sa)); +- prf->Update(prf->prfctx, (unsigned char *)&port, sizeof port); +- prf->Final(res, prf->prfctx); +- prf_free (prf); ++ bzero(res, *hashlen); + ++ hash->Init(hash->ctx); ++ hash->Update(hash->ctx, msg->exchange->cookies, ++ sizeof msg->exchange->cookies); ++ hash->Update(hash->ctx, sockaddr_addrdata(sa), sockaddr_addrlen(sa)); ++ hash->Update(hash->ctx, (unsigned char *)&port, sizeof port); ++ hash->Final(res, hash->ctx); + return res; + } + +@@ -276,6 +253,7 @@ + static int + nat_t_add_nat_d(struct message *msg, struct sockaddr *sa) + { ++ int ret; + u_int8_t *hbuf, *buf; + size_t hbuflen, buflen; + +@@ -298,11 +276,19 @@ + memcpy(buf + ISAKMP_NAT_D_DATA_OFF, hbuf, hbuflen); + free(hbuf); + +- if (message_add_payload(msg, ISAKMP_PAYLOAD_NAT_D, buf, buflen, 1)) { ++ if (msg->exchange->flags & EXCHANGE_FLAG_NAT_T_RFC) ++ ret = message_add_payload(msg, ISAKMP_PAYLOAD_NAT_D, buf, ++ buflen, 1); ++ else if (msg->exchange->flags & EXCHANGE_FLAG_NAT_T_DRAFT) ++ ret = message_add_payload(msg, ISAKMP_PAYLOAD_NAT_D_DRAFT, ++ buf, buflen, 1); ++ else ++ ret = -1; ++ ++ if (ret) { + free(buf); + return -1; + } +- + return 0; + } + +@@ -312,14 +298,14 @@ + { + struct sockaddr *sa; + +- msg->transport->vtbl->get_src(msg->transport, &sa); ++ /* Remote address first. */ ++ msg->transport->vtbl->get_dst(msg->transport, &sa); + if (nat_t_add_nat_d(msg, sa)) + return -1; + +- msg->transport->vtbl->get_dst(msg->transport, &sa); ++ msg->transport->vtbl->get_src(msg->transport, &sa); + if (nat_t_add_nat_d(msg, sa)) + return -1; +- + return 0; + } + +@@ -336,8 +322,8 @@ + * If there are no NAT-D payloads in the message, return "found" + * as this will avoid NAT-T (see nat_t_exchange_check_nat_d()). 
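Review bot: The cookie length passed to `hash->Update()` is `sizeof msg->exchange->cookies`, which equals the cookie length only if `cookies` is declared as an array; that declaration is not in this hunk, and the removed `prf_alloc()` call used `ISAKMP_HDR_COOKIES_LEN` for the same buffer. Both peers must hash exactly the same bytes for NAT detection to agree, so the explicit constant is the safer spelling: `hash->Update(hash->ctx, msg->exchange->cookies, ISAKMP_HDR_COOKIES_LEN);`. The added `bzero(res, *hashlen)` is redundant if `hash->Final()` writes the whole digest, and it replaces the `memset` the file used before. The function starts in the previous hunk.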
+ */ +- p = payload_first(msg, ISAKMP_PAYLOAD_NAT_D); +- if (!p) ++ if ((p = payload_first(msg, ISAKMP_PAYLOAD_NAT_D_DRAFT)) == NULL && ++ (p = payload_first(msg, ISAKMP_PAYLOAD_NAT_D)) == NULL) + return 1; + + hbuf = nat_t_generate_nat_d_hash(msg, sa, &hbuflen); +Index: isakmpd-20041012.orig/udp_encap.c +=================================================================== +--- isakmpd-20041012.orig.orig/udp_encap.c 2007-06-04 13:22:39.121907848 +0200 ++++ isakmpd-20041012.orig/udp_encap.c 2007-06-04 13:22:39.284883072 +0200 +@@ -61,6 +61,11 @@ + + #define UDP_SIZE 65536 + ++#if defined(USE_NAT_TRAVERSAL) && defined (LINUX_IPSEC) ++#include ++#include ++#endif ++ + /* If a system doesn't have SO_REUSEPORT, SO_REUSEADDR will have to do. */ + #ifndef SO_REUSEPORT + #define SO_REUSEPORT SO_REUSEADDR +@@ -134,6 +139,18 @@ + if (sysdep_cleartext(s, laddr->sa_family) == -1) + goto err; + ++#if defined(USE_NAT_TRAVERSAL) && defined (LINUX_IPSEC) ++ { ++#ifndef SOL_UDP ++#define SOL_UDP 17 ++#endif ++ int option = UDP_ENCAP_ESPINUDP; ++ if(setsockopt(s, SOL_UDP, UDP_ENCAP, &option, ++ sizeof (option)) < 0) ++ goto err; ++ } ++#endif ++ + /* Wildcard address ? */ + switch (laddr->sa_family) { + case AF_INET: +Index: isakmpd-20041012.orig/apps/Makefile +=================================================================== +--- isakmpd-20041012.orig.orig/apps/Makefile 2007-06-04 13:22:39.126907088 +0200 ++++ isakmpd-20041012.orig/apps/Makefile 2007-06-04 13:22:39.285882920 +0200 +@@ -31,4 +31,4 @@ + + SUBDIR= certpatch + +-.include ++#.include +Index: isakmpd-20041012.orig/apps/certpatch/GNUmakefile +=================================================================== +--- /dev/null 1970-01-01 00:00:00.000000000 +0000 ++++ isakmpd-20041012.orig/apps/certpatch/GNUmakefile 2007-06-04 13:22:39.285882920 +0200 +@@ -0,0 +1,55 @@ ++# $OpenBSD: Makefile,v 1.7 2003/06/03 14:35:00 ho Exp $ ++# $EOM: Makefile,v 1.6 2000/03/28 21:22:06 ho Exp $ ++ ++# ++# Copyright (c) 1999 Niels Provos. 
All rights reserved. ++# Copyright (c) 2001 Niklas Hallqvist. All rights reserved. ++# ++# Redistribution and use in source and binary forms, with or without ++# modification, are permitted provided that the following conditions ++# are met: ++# 1. Redistributions of source code must retain the above copyright ++# notice, this list of conditions and the following disclaimer. ++# 2. Redistributions in binary form must reproduce the above copyright ++# notice, this list of conditions and the following disclaimer in the ++# documentation and/or other materials provided with the distribution. ++# ++# THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR ++# IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES ++# OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. ++# IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, ++# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT ++# NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, ++# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY ++# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT ++# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF ++# THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. ++# ++ ++# ++# This code was written under funding by Ericsson Radio Systems. ++# ++ ++PROG= certpatch ++SRCS= certpatch.c ++BINDIR?= /usr/sbin ++TOPSRC= ${.CURDIR}../.. 
++TOPOBJ!= cd ${TOPSRC}; printf "all:\n\t@pwd\n" |${MAKE} -f- ++OS= linux ++FEATURES!= awk '/^FEATURES=/ { print $$0 }' ${.CURDIR}/../../Makefile | sed 's/FEATURES=.//' ++.PATH: ${TOPSRC} ${TOPSRC}/sysdep/${OS} ${TOPOBJ} ++CFLAGS+= -I${TOPSRC} -I${TOPSRC}/sysdep/${OS} -I${TOPOBJ} -Wall ++LDFLAGS+= -lcrypto -lssl -lgmp ++MAN= certpatch.8 ++ ++CFLAGS+= -DMP_FLAVOUR=MP_FLAVOUR_GMP ++LDADD+= -lgmp ++DPADD+= ${LIBGMP} ++ ++# Override LIBSYSDEPDIR definition from Makefile.sysdep ++LIBSYSDEPDIR= ${TOPSRC}/sysdep/common/libsysdep ++ ++all: ${PROG} ++ ++clean: ++ rm -f ${PROG} +Index: isakmpd-20041012.orig/pf_key_v2.c +=================================================================== +--- isakmpd-20041012.orig.orig/pf_key_v2.c 2007-06-04 13:22:39.137905416 +0200 ++++ isakmpd-20041012.orig/pf_key_v2.c 2007-06-04 13:22:39.287882616 +0200 +@@ -1055,6 +1055,10 @@ + #endif + #if defined (USE_NAT_TRAVERSAL) && defined (SADB_X_EXT_UDPENCAP) + struct sadb_x_udpencap udpencap; ++#elif defined (USE_NAT_TRAVERSAL) && defined (SADB_X_EXT_NAT_T_TYPE) ++ struct sadb_x_nat_t_type nat_t_type; ++ struct sadb_x_nat_t_port nat_t_sport; ++ struct sadb_x_nat_t_port nat_t_dport; + #endif + #ifdef USE_DEBUG + char *addr_str; +@@ -1273,10 +1277,15 @@ + log_print("pf_key_v2_set_spi: invalid proto %d", proto->proto); + goto cleanup; + } +- if (incoming) ++ if (incoming) { + sa->transport->vtbl->get_src(sa->transport, &dst); +- else ++ sa->transport->vtbl->get_dst(sa->transport, &src); ++ } ++ else { + sa->transport->vtbl->get_dst(sa->transport, &dst); ++ sa->transport->vtbl->get_src(sa->transport, &src); ++ } ++ + #ifdef KAME + msg.sadb_msg_seq = (incoming ? 
+ pf_key_v2_seq_by_sa(proto->spi[incoming], sizeof ssa.sadb_sa_spi, +@@ -1319,12 +1328,13 @@ + ssa.sadb_sa_flags = 0; + #ifdef SADB_X_SAFLAGS_TUNNEL + if (iproto->encap_mode == IPSEC_ENCAP_TUNNEL || +- iproto->encap_mode == IPSEC_ENCAP_UDP_ENCAP_TUNNEL) ++ iproto->encap_mode == IPSEC_ENCAP_UDP_ENCAP_TUNNEL || ++ iproto->encap_mode == IPSEC_ENCAP_UDP_ENCAP_TUNNEL_DRAFT) + ssa.sadb_sa_flags = SADB_X_SAFLAGS_TUNNEL; + #endif + +-#if defined (USE_NAT_TRAVERSAL) && defined (SADB_X_EXT_UDPENCAP) + if (isakmp_sa->flags & SA_FLAG_NAT_T_ENABLE) { ++#if defined (USE_NAT_TRAVERSAL) && defined (SADB_X_EXT_UDPENCAP) + memset(&udpencap, 0, sizeof udpencap); + ssa.sadb_sa_flags |= SADB_X_SAFLAGS_UDPENCAP; + udpencap.sadb_x_udpencap_exttype = SADB_X_EXT_UDPENCAP; +@@ -1334,8 +1344,40 @@ + if (pf_key_v2_msg_add(update, (struct sadb_ext *)&udpencap, 0) + == -1) + goto cleanup; +- } ++#elif defined (USE_NAT_TRAVERSAL) && defined (SADB_X_EXT_NAT_T_TYPE) ++#ifndef UDP_ENCAP_ESPINUDP ++#define UDP_ENCAP_ESPINUDP 2 ++#endif ++ memset(&nat_t_type, 0, sizeof nat_t_type); ++ memset(&nat_t_sport, 0, sizeof nat_t_sport); ++ memset(&nat_t_dport, 0, sizeof nat_t_dport); ++ ++ /* type = draft-udp-encap-06 */ ++ nat_t_type.sadb_x_nat_t_type_len = sizeof nat_t_type / PF_KEY_V2_CHUNK; ++ nat_t_type.sadb_x_nat_t_type_exttype = SADB_X_EXT_NAT_T_TYPE; ++ nat_t_type.sadb_x_nat_t_type_type = UDP_ENCAP_ESPINUDP; ++ if(pf_key_v2_msg_add(update, (struct sadb_ext *)&nat_t_type, 0) == -1) ++ goto cleanup; ++ ++ /* source port */ ++ nat_t_sport.sadb_x_nat_t_port_len = sizeof nat_t_sport / ++ PF_KEY_V2_CHUNK; ++ nat_t_sport.sadb_x_nat_t_port_exttype = SADB_X_EXT_NAT_T_SPORT; ++ nat_t_sport.sadb_x_nat_t_port_port = sockaddr_port(src); ++ if(pf_key_v2_msg_add(update, (struct sadb_ext *)&nat_t_sport, 0) == -1) ++ goto cleanup; ++ ++ /* destination port */ ++ nat_t_dport.sadb_x_nat_t_port_len = sizeof nat_t_dport / ++ PF_KEY_V2_CHUNK; ++ nat_t_dport.sadb_x_nat_t_port_exttype = SADB_X_EXT_NAT_T_DPORT; ++ 
nat_t_dport.sadb_x_nat_t_port_port = sockaddr_port(dst); ++ if(pf_key_v2_msg_add(update, (struct sadb_ext *)&nat_t_dport, 0) == -1) ++ goto cleanup; ++ ++ /* original address (transport mode checksum missing info) goes here */ + #endif ++ } + + if (pf_key_v2_msg_add(update, (struct sadb_ext *)&ssa, 0) == -1) + goto cleanup; +@@ -1395,10 +1437,6 @@ + /* + * Setup the ADDRESS extensions. + */ +- if (incoming) +- sa->transport->vtbl->get_dst(sa->transport, &src); +- else +- sa->transport->vtbl->get_src(sa->transport, &src); + len = sizeof *addr + PF_KEY_V2_ROUND(sysdep_sa_len(src)); + addr = calloc(1, len); + if (!addr) +@@ -2167,7 +2205,7 @@ + pf_key_v2_msg_free(ret); + return -1; + +-#elif defined (SADB_X_SPDADD) && defined (SADB_X_SPDDELETE) ++#elif defined (SADB_X_SPDUPDATE) && defined (SADB_X_SPDDELETE) + struct sadb_msg msg; + struct sadb_x_policy *policy = 0; + struct sadb_x_ipsecrequest *ipsecrequest; +@@ -2181,7 +2219,7 @@ + struct sockaddr_in *ip4_sa; + struct sockaddr_in6 *ip6_sa; + +- msg.sadb_msg_type = delete ? SADB_X_SPDDELETE : SADB_X_SPDADD; ++ msg.sadb_msg_type = delete ? SADB_X_SPDDELETE : SADB_X_SPDUPDATE; + msg.sadb_msg_satype = SADB_SATYPE_UNSPEC; + msg.sadb_msg_seq = 0; + flow = pf_key_v2_msg_new(&msg, 0); +Index: isakmpd-20041012.orig/isakmp_num.cst +=================================================================== +--- isakmpd-20041012.orig.orig/isakmp_num.cst 2007-06-04 13:22:39.143904504 +0200 ++++ isakmpd-20041012.orig/isakmp_num.cst 2007-06-04 13:22:39.287882616 +0200 +@@ -57,15 +57,18 @@ + KD 17 # RFC 3547, Key Download + SEQ 18 # RFC 3547, Sequence Number + POP 19 # RFC 3547, Proof of possession +- RESERVED_MIN 20 ++ NAT_D 20 # RFC 3947, NAT Discovery payload ++ NAT_OA 21 # RFC 3947, NAT Original Address payload ++ RESERVED_MIN 22 + RESERVED_MAX 127 + PRIVATE_MIN 128 + # XXX values from draft-ietf-ipsec-nat-t-ike-01,02,03. 
Later drafts specify + # XXX NAT_D as payload 15 and NAT_OA as 16, but these are allocated by RFC + # XXX 3547 as seen above. +- NAT_D 130 # NAT Discovery payload +- NAT_OA 131 # NAT Original Address payload ++ NAT_D_DRAFT 130 # NAT Discovery payload ++ NAT_OA_DRAFT 131 # NAT Original Address payload + PRIVATE_MAX 255 ++ MAX 255 + . + + # ISAKMP exchange types. +Index: isakmpd-20041012.orig/ipsec_num.cst +=================================================================== +--- isakmpd-20041012.orig.orig/ipsec_num.cst 2007-06-04 13:22:39.149903592 +0200 ++++ isakmpd-20041012.orig/ipsec_num.cst 2007-06-04 13:22:39.287882616 +0200 +@@ -62,10 +62,10 @@ + IPSEC_ENCAP + TUNNEL 1 + TRANSPORT 2 +- FUTURE_UDP_ENCAP_TUNNEL 3 # XXX Not yet assigned +- FUTURE_UDP_ENCAP_TRANSPORT 4 # XXX Not yet assigned +- UDP_ENCAP_TUNNEL 61443 # draft-ietf-ipsec-nat-t-ike +- UDP_ENCAP_TRANSPORT 61443 # draft-ietf-ipsec-nat-t-ike ++ UDP_ENCAP_TUNNEL 3 ++ UDP_ENCAP_TRANSPORT 4 ++ UDP_ENCAP_TUNNEL_DRAFT 61443 # draft-ietf-ipsec-nat-t-ike ++ UDP_ENCAP_TRANSPORT_DRAFT 61443 # draft-ietf-ipsec-nat-t-ike + . + + # IPSEC authentication algorithm. +Index: isakmpd-20041012.orig/nat_traversal.h +=================================================================== +--- isakmpd-20041012.orig.orig/nat_traversal.h 2007-06-04 13:22:39.154902832 +0200 ++++ isakmpd-20041012.orig/nat_traversal.h 2007-06-04 13:22:39.287882616 +0200 +@@ -1,4 +1,4 @@ +-/* $OpenBSD: nat_traversal.h,v 1.2 2004/06/21 23:27:10 ho Exp $ */ ++/* $OpenBSD: nat_traversal.h,v 1.4 2005/07/25 15:03:47 hshoexer Exp $ */ + + /* + * Copyright (c) 2004 HÃ¥kan Olsson. All rights reserved. 
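Review bot: `UDP_ENCAP_TUNNEL_DRAFT` and `UDP_ENCAP_TRANSPORT_DRAFT` are both assigned 61443, carried over from the old pair, so code comparing against them cannot tell a draft transport-mode proposal from a tunnel-mode one. The policy.c hunk in this patch tests `decode_16(value) == IPSEC_ENCAP_UDP_ENCAP_TUNNEL_DRAFT`, which would then match a transport value as well. The NAT-T drafts appear to assign 61444 to transport mode; confirm against the draft text and, if so, change the line to `UDP_ENCAP_TRANSPORT_DRAFT 61444 # draft-ietf-ipsec-nat-t-ike`.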
+@@ -27,6 +27,24 @@ + #ifndef _NAT_TRAVERSAL_H_ + #define _NAT_TRAVERSAL_H_ + ++#define VID_DRAFT_V2 0 ++#define VID_DRAFT_V2_N 1 ++#define VID_DRAFT_V3 2 ++#define VID_RFC3947 3 ++ ++struct nat_t_cap { ++ int id; ++ u_int32_t flags; ++ const char *text; ++ char *hash; ++ size_t hashsize; ++}; ++ ++/* ++ * Set if -T is given on the command line to disable NAT-T support. ++ */ ++extern int disable_nat_t; ++ + void nat_t_init(void); + int nat_t_add_vendor_payloads(struct message *); + void nat_t_check_vendor_payload(struct message *, struct payload *); +Index: isakmpd-20041012.orig/message.c +=================================================================== +--- isakmpd-20041012.orig.orig/message.c 2007-06-04 13:22:39.160901920 +0200 ++++ isakmpd-20041012.orig/message.c 2007-06-04 13:22:39.288882464 +0200 +@@ -112,6 +112,7 @@ + message_validate_hash, message_validate_sig, message_validate_nonce, + message_validate_notify, message_validate_delete, + message_validate_vendor, message_validate_attribute, ++ message_validate_nat_d, message_validate_nat_oa, + message_validate_nat_d, message_validate_nat_oa + }; + +@@ -120,7 +121,7 @@ + isakmp_id_fld, isakmp_cert_fld, isakmp_certreq_fld, isakmp_hash_fld, + isakmp_sig_fld, isakmp_nonce_fld, isakmp_notify_fld, isakmp_delete_fld, + isakmp_vendor_fld, isakmp_attribute_fld, isakmp_nat_d_fld, +- isakmp_nat_oa_fld ++ isakmp_nat_oa_fld, isakmp_nat_d_fld, isakmp_nat_oa_fld + }; + + /* +@@ -138,7 +139,8 @@ + ISAKMP_PAYLOAD_SAK, ISAKMP_PAYLOAD_SAT, ISAKMP_PAYLOAD_KD, + ISAKMP_PAYLOAD_SEQ, ISAKMP_PAYLOAD_POP + #endif +- ISAKMP_PAYLOAD_NAT_D, ISAKMP_PAYLOAD_NAT_OA ++ ISAKMP_PAYLOAD_NAT_D, ISAKMP_PAYLOAD_NAT_OA, ++ ISAKMP_PAYLOAD_NAT_D_DRAFT, ISAKMP_PAYLOAD_NAT_OA_DRAFT + }; + + static u_int8_t payload_map[256]; +@@ -347,8 +349,8 @@ + } + /* Ignore most private payloads. 
*/ + if (next >= ISAKMP_PAYLOAD_PRIVATE_MIN && +- next != ISAKMP_PAYLOAD_NAT_D && +- next != ISAKMP_PAYLOAD_NAT_OA) { ++ next != ISAKMP_PAYLOAD_NAT_D_DRAFT && ++ next != ISAKMP_PAYLOAD_NAT_OA_DRAFT) { + LOG_DBG((LOG_MESSAGE, 30, "message_parse_payloads: " + "private next payload type %s in payload of " + "type %d ignored", +@@ -460,8 +462,10 @@ + return ISAKMP_ATTRIBUTE_SZ; + #if defined (USE_NAT_TRAVERSAL) + case ISAKMP_PAYLOAD_NAT_D: ++ case ISAKMP_PAYLOAD_NAT_D_DRAFT: + return ISAKMP_NAT_D_SZ; + case ISAKMP_PAYLOAD_NAT_OA: ++ case ISAKMP_PAYLOAD_NAT_OA_DRAFT: + return ISAKMP_NAT_OA_SZ; + #endif + /* Not yet supported and any other unknown payloads. */ +Index: isakmpd-20041012.orig/policy.c +=================================================================== +--- isakmpd-20041012.orig.orig/policy.c 2007-06-04 13:22:39.165901160 +0200 ++++ isakmpd-20041012.orig/policy.c 2007-06-04 13:22:39.289882312 +0200 +@@ -511,7 +511,10 @@ + break; + } + #if defined (USE_NAT_TRAVERSAL) +- else if (decode_16(value) == IPSEC_ENCAP_UDP_ENCAP_TUNNEL) ++ else if (decode_16(value) == ++ IPSEC_ENCAP_UDP_ENCAP_TUNNEL || ++ decode_16(value) == ++ IPSEC_ENCAP_UDP_ENCAP_TUNNEL_DRAFT) + switch (proto->proto) { + case IPSEC_PROTO_IPSEC_AH: + ah_encapsulation = "udp-encap-tunnel"; +@@ -1932,7 +1935,7 @@ + void + policy_init(void) + { +- char *ptr, *policy_file; ++ char *ptr, *policy_file, *use_keynote; + char **asserts; + size_t sz, len; + int fd, i; +@@ -1940,10 +1943,11 @@ + LOG_DBG((LOG_POLICY, 30, "policy_init: initializing")); + + /* Do we want to use the policy modules? */ +- if (ignore_policy || +- strncmp("yes", conf_get_str("General", "Use-Keynote"), 3)) +- return; +- ++ use_keynote = conf_get_str("General", "Use-Keynote"); ++ if (ignore_policy || ++ (use_keynote && strncmp("yes", use_keynote, 3))) ++ return; ++ + /* Get policy file from configuration. 
*/ + policy_file = conf_get_str("General", "Policy-file"); + if (!policy_file) +Index: isakmpd-20041012.orig/ike_phase_1.c +=================================================================== +--- isakmpd-20041012.orig.orig/ike_phase_1.c 2007-06-04 13:22:39.170900400 +0200 ++++ isakmpd-20041012.orig/ike_phase_1.c 2007-06-04 13:22:39.290882160 +0200 +@@ -1040,9 +1040,9 @@ + + /* Compare expected/desired and received remote ID */ + if (bcmp(rid, payload->p + ISAKMP_ID_DATA_OFF, sz)) { +- free(rid); + log_print("ike_phase_1_recv_ID: " +- "received remote ID other than expected %s", p); ++ "received remote ID other than expected %s - %s", p, payload->p); ++ free(rid); + return -1; + } + free(rid); +Index: isakmpd-20041012.orig/x509.c +=================================================================== +--- isakmpd-20041012.orig.orig/x509.c 2007-06-04 13:22:39.176899488 +0200 ++++ isakmpd-20041012.orig/x509.c 2007-06-04 13:22:39.290882160 +0200 +@@ -910,7 +910,11 @@ + X509_STORE_CTX_init(&csc, x509_cas, cert, NULL); + #if OPENSSL_VERSION_NUMBER >= 0x00907000L + /* XXX See comment in x509_read_crls_from_dir. */ ++#if OPENSSL_VERSION_NUMBER >= 0x00908000L ++ if (x509_cas->param->flags & X509_V_FLAG_CRL_CHECK) { ++#else + if (x509_cas->flags & X509_V_FLAG_CRL_CHECK) { ++#endif + X509_STORE_CTX_set_flags(&csc, X509_V_FLAG_CRL_CHECK); + X509_STORE_CTX_set_flags(&csc, X509_V_FLAG_CRL_CHECK_ALL); + } +Index: isakmpd-20041012.orig/sysdep/linux/sysdep.c +=================================================================== +--- isakmpd-20041012.orig.orig/sysdep/linux/sysdep.c 2007-06-04 13:22:39.182898576 +0200 ++++ isakmpd-20041012.orig/sysdep/linux/sysdep.c 2007-06-04 13:22:39.291882008 +0200 +@@ -169,22 +169,22 @@ + return 0; + + if (!(af == AF_INET || af == AF_INET6)) +- { ++ { + log_print ("sysdep_cleartext: unsupported protocol family %d", af); + return -1; + } + + if (setsockopt (fd, af == AF_INET ? IPPROTO_IP : IPPROTO_IPV6, +- af == AF_INET ? 
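Review bot: An absent `Use-Keynote` key now behaves like "yes" in `policy_init()`, and nothing in the code says that this default is intended. The guard decides whether policy checking runs at all, so the default belongs next to the test, for example `/* Use-Keynote unset counts as "yes": policy checking stays enabled. */`. Separately, `strncmp("yes", use_keynote, 3)` accepts any value that merely starts with "yes"; `strcmp` would be exact if that is not wanted. The rest of `policy_init()` lies outside this hunk.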
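Review bot: The extended `log_print()` in `ike_phase_1_recv_ID` passes `payload->p` to a `%s` conversion, but the `bcmp()` just above indexes the same pointer at `ISAKMP_ID_DATA_OFF` for `sz` bytes, so it is a raw peer-supplied payload buffer and not a NUL-terminated string. Printing it as a string can read past the end of the payload and writes unfiltered peer bytes into the log. Keep the message to the expected ID and dump the received bytes with the bounded helper the code base already has, e.g. `LOG_DBG_BUF((LOG_NEGOTIATION, 10, "ike_phase_1_recv_ID: received ID", payload->p + ISAKMP_ID_DATA_OFF, sz));`. The function body extends beyond this hunk.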
IP_IPSEC_POLICY : IPV6_IPSEC_POLICY, +- &pol_in, sizeof pol_in) < 0 || ++ af == AF_INET ? IP_IPSEC_POLICY : IPV6_IPSEC_POLICY, ++ &pol_in, sizeof pol_in) < 0 || + setsockopt (fd, af == AF_INET ? IPPROTO_IP : IPPROTO_IPV6, +- af == AF_INET ? IP_IPSEC_POLICY : IPV6_IPSEC_POLICY, +- &pol_out, sizeof pol_out) < 0) +- { ++ af == AF_INET ? IP_IPSEC_POLICY : IPV6_IPSEC_POLICY, ++ &pol_out, sizeof pol_out) < 0) ++ { + log_error ("sysdep_cleartext: " +- "setsockopt (%d, IPPROTO_IP%s, IP%s_IPSEC_POLICY, ...) " +- "failed", fd, af == AF_INET ? "" : "V6", +- af == AF_INET ? "" : "V6"); ++ "setsockopt (%d, IPPROTO_IP%s, IP%s_IPSEC_POLICY, ...) " ++ "failed", fd, af == AF_INET ? "" : "V6", ++ af == AF_INET ? "" : "V6"); + return -1; + } + return 0; +Index: isakmpd-20041012.orig/sysdep/linux/GNUmakefile.sysdep +=================================================================== +--- isakmpd-20041012.orig.orig/sysdep/linux/GNUmakefile.sysdep 2007-06-04 13:22:39.187897816 +0200 ++++ isakmpd-20041012.orig/sysdep/linux/GNUmakefile.sysdep 2007-06-04 13:22:39.291882008 +0200 +@@ -33,13 +33,13 @@ + LDADD+= -lgmp ${LIBSYSDEP} ${LIBCRYPTO} + DPADD+= ${LIBGMP} ${LIBSYSDEP} + +-CFLAGS+= -DUSE_OLD_SOCKADDR -DHAVE_PCAP \ +- -DNEED_SYSDEP_APP -DMP_FLAVOUR=MP_FLAVOUR_GMP \ +- -I/usr/src/linux/include -I${.CURDIR}/sysdep/common \ ++CFLAGS+= -DHAVE_GETNAMEINFO -DUSE_OLD_SOCKADDR -DHAVE_PCAP \ ++ -DNEED_SYSDEP_APP -DMP_FLAVOUR=MP_FLAVOUR_GMP -DUSE_AES \ ++ -I${.CURDIR}/sysdep/linux/include -I${.CURDIR}/sysdep/common \ + -I/usr/include/openssl + + FEATURES= debug tripledes blowfish cast ec aggressive x509 policy +-FEATURES+= des aes ++FEATURES+= dpd nat_traversal isakmp_cfg des aes + + IPSEC_SRCS= pf_key_v2.c + IPSEC_CFLAGS= -DUSE_PF_KEY_V2 +@@ -51,7 +51,7 @@ + # hack libsysdep.a dependenc + ${LIBSYSDEPDIR}/.depend ${LIBSYSDEP}: + cd ${LIBSYSDEPDIR} && \ +- ${MAKE} --no-print-directory ${MAKEFLAGS} \ ++ ${MAKE} --no-print-directory \ + CFLAGS="${CFLAGS}" MKDEP="${MKDEP}" ${MAKECMDGOALS} + + ifeq 
($(findstring clean,$(MAKECMDGOALS)),clean) +Index: isakmpd-20041012.orig/sysdep/linux/include/bitstring.h +=================================================================== +--- /dev/null 1970-01-01 00:00:00.000000000 +0000 ++++ isakmpd-20041012.orig/sysdep/linux/include/bitstring.h 2007-06-04 13:22:39.291882008 +0200 +@@ -0,0 +1,132 @@ ++/* $OpenBSD: bitstring.h,v 1.4 2002/06/19 02:50:10 millert Exp $ */ ++/* $NetBSD: bitstring.h,v 1.5 1997/05/14 15:49:55 pk Exp $ */ ++ ++/* ++ * Copyright (c) 1989, 1993 ++ * The Regents of the University of California. All rights reserved. ++ * ++ * This code is derived from software contributed to Berkeley by ++ * Paul Vixie. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * 1. Redistributions of source code must retain the above copyright ++ * notice, this list of conditions and the following disclaimer. ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in the ++ * documentation and/or other materials provided with the distribution. ++ * 3. All advertising materials mentioning features or use of this software ++ * must display the following acknowledgement: ++ * This product includes software developed by the University of ++ * California, Berkeley and its contributors. ++ * 4. Neither the name of the University nor the names of its contributors ++ * may be used to endorse or promote products derived from this software ++ * without specific prior written permission. ++ * ++ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND ++ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ++ * ARE DISCLAIMED. 
IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE ++ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL ++ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS ++ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT ++ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY ++ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF ++ * SUCH DAMAGE. ++ * ++ * @(#)bitstring.h 8.1 (Berkeley) 7/19/93 ++ */ ++ ++#ifndef _BITSTRING_H_ ++#define _BITSTRING_H_ ++ ++/* modified for SV/AT and bitstring bugfix by M.R.Murphy, 11oct91 ++ * bitstr_size changed gratuitously, but shorter ++ * bit_alloc spelling error fixed ++ * the following were efficient, but didn't work, they've been made to ++ * work, but are no longer as efficient :-) ++ * bit_nclear, bit_nset, bit_ffc, bit_ffs ++ */ ++typedef unsigned char bitstr_t; ++ ++/* internal macros */ ++ /* byte of the bitstring bit is in */ ++#define _bit_byte(bit) \ ++ ((bit) >> 3) ++ ++ /* mask for the bit within its byte */ ++#define _bit_mask(bit) \ ++ (1 << ((bit)&0x7)) ++ ++/* external macros */ ++ /* bytes in a bitstring of nbits bits */ ++#define bitstr_size(nbits) \ ++ (((nbits) + 7) >> 3) ++ ++ /* allocate a bitstring */ ++#define bit_alloc(nbits) \ ++ (bitstr_t *)calloc((size_t)bitstr_size(nbits), sizeof(bitstr_t)) ++ ++ /* allocate a bitstring on the stack */ ++#define bit_decl(name, nbits) \ ++ ((name)[bitstr_size(nbits)]) ++ ++ /* is bit N of bitstring name set? */ ++#define bit_test(name, bit) \ ++ ((name)[_bit_byte(bit)] & _bit_mask(bit)) ++ ++ /* set bit N of bitstring name */ ++#define bit_set(name, bit) \ ++ ((name)[_bit_byte(bit)] |= _bit_mask(bit)) ++ ++ /* clear bit N of bitstring name */ ++#define bit_clear(name, bit) \ ++ ((name)[_bit_byte(bit)] &= ~_bit_mask(bit)) ++ ++ /* clear bits start ... 
stop in bitstring */ ++#define bit_nclear(name, start, stop) do { \ ++ register bitstr_t *_name = name; \ ++ register int _start = start, _stop = stop; \ ++ while (_start <= _stop) { \ ++ bit_clear(_name, _start); \ ++ _start++; \ ++ } \ ++} while(0) ++ ++ /* set bits start ... stop in bitstring */ ++#define bit_nset(name, start, stop) do { \ ++ register bitstr_t *_name = name; \ ++ register int _start = start, _stop = stop; \ ++ while (_start <= _stop) { \ ++ bit_set(_name, _start); \ ++ _start++; \ ++ } \ ++} while(0) ++ ++ /* find first bit clear in name */ ++#define bit_ffc(name, nbits, value) do { \ ++ register bitstr_t *_name = name; \ ++ register int _bit, _nbits = nbits, _value = -1; \ ++ for (_bit = 0; _bit < _nbits; ++_bit) \ ++ if (!bit_test(_name, _bit)) { \ ++ _value = _bit; \ ++ break; \ ++ } \ ++ *(value) = _value; \ ++} while(0) ++ ++ /* find first bit set in name */ ++#define bit_ffs(name, nbits, value) do { \ ++ register bitstr_t *_name = name; \ ++ register int _bit, _nbits = nbits, _value = -1; \ ++ for (_bit = 0; _bit < _nbits; ++_bit) \ ++ if (bit_test(_name, _bit)) { \ ++ _value = _bit; \ ++ break; \ ++ } \ ++ *(value) = _value; \ ++} while(0) ++ ++#endif /* !_BITSTRING_H_ */ +Index: isakmpd-20041012.orig/sysdep/linux/include/sys/queue.h +=================================================================== +--- /dev/null 1970-01-01 00:00:00.000000000 +0000 ++++ isakmpd-20041012.orig/sysdep/linux/include/sys/queue.h 2007-06-04 13:22:39.292881856 +0200 +@@ -0,0 +1,453 @@ ++/* ++ * Copyright (c) 1991, 1993 ++ * The Regents of the University of California. All rights reserved. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * 1. Redistributions of source code must retain the above copyright ++ * notice, this list of conditions and the following disclaimer. ++ * 2. 
Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in the ++ * documentation and/or other materials provided with the distribution. ++ * 3. All advertising materials mentioning features or use of this software ++ * must display the following acknowledgement: ++ * This product includes software developed by the University of ++ * California, Berkeley and its contributors. ++ * 4. Neither the name of the University nor the names of its contributors ++ * may be used to endorse or promote products derived from this software ++ * without specific prior written permission. ++ * ++ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND ++ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ++ * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE ++ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL ++ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS ++ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT ++ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY ++ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF ++ * SUCH DAMAGE. ++ * ++ * @(#)queue.h 8.5 (Berkeley) 8/20/94 ++ * $FreeBSD: src/sys/sys/queue.h,v 1.45 2001/12/11 11:49:58 sheldonh Exp $ ++ */ ++ ++#ifndef _SYS_QUEUE_H_ ++#define _SYS_QUEUE_H_ ++ ++//#include /* for __offsetof */ ++ ++/* ++ * This file defines four types of data structures: singly-linked lists, ++ * singly-linked tail queues, lists and tail queues. ++ * ++ * A singly-linked list is headed by a single forward pointer. 
The elements ++ * are singly linked for minimum space and pointer manipulation overhead at ++ * the expense of O(n) removal for arbitrary elements. New elements can be ++ * added to the list after an existing element or at the head of the list. ++ * Elements being removed from the head of the list should use the explicit ++ * macro for this purpose for optimum efficiency. A singly-linked list may ++ * only be traversed in the forward direction. Singly-linked lists are ideal ++ * for applications with large datasets and few or no removals or for ++ * implementing a LIFO queue. ++ * ++ * A singly-linked tail queue is headed by a pair of pointers, one to the ++ * head of the list and the other to the tail of the list. The elements are ++ * singly linked for minimum space and pointer manipulation overhead at the ++ * expense of O(n) removal for arbitrary elements. New elements can be added ++ * to the list after an existing element, at the head of the list, or at the ++ * end of the list. Elements being removed from the head of the tail queue ++ * should use the explicit macro for this purpose for optimum efficiency. ++ * A singly-linked tail queue may only be traversed in the forward direction. ++ * Singly-linked tail queues are ideal for applications with large datasets ++ * and few or no removals or for implementing a FIFO queue. ++ * ++ * A list is headed by a single forward pointer (or an array of forward ++ * pointers for a hash table header). The elements are doubly linked ++ * so that an arbitrary element can be removed without a need to ++ * traverse the list. New elements can be added to the list before ++ * or after an existing element or at the head of the list. A list ++ * may only be traversed in the forward direction. ++ * ++ * A tail queue is headed by a pair of pointers, one to the head of the ++ * list and the other to the tail of the list. 
The elements are doubly ++ * linked so that an arbitrary element can be removed without a need to ++ * traverse the list. New elements can be added to the list before or ++ * after an existing element, at the head of the list, or at the end of ++ * the list. A tail queue may be traversed in either direction. ++ * ++ * For details on the use of these macros, see the queue(3) manual page. ++ * ++ * ++ * SLIST LIST STAILQ TAILQ ++ * _HEAD + + + + ++ * _HEAD_INITIALIZER + + + + ++ * _ENTRY + + + + ++ * _INIT + + + + ++ * _EMPTY + + + + ++ * _FIRST + + + + ++ * _NEXT + + + + ++ * _PREV - - - + ++ * _LAST - - + + ++ * _FOREACH + + + + ++ * _FOREACH_REVERSE - - - + ++ * _INSERT_HEAD + + + + ++ * _INSERT_BEFORE - + - + ++ * _INSERT_AFTER + + + + ++ * _INSERT_TAIL - - + + ++ * _REMOVE_HEAD + - + - ++ * _REMOVE + + + + ++ * ++ */ ++ ++/* ++ * Singly-linked List declarations. ++ */ ++#define SLIST_HEAD(name, type) \ ++struct name { \ ++ struct type *slh_first; /* first element */ \ ++} ++ ++#define SLIST_HEAD_INITIALIZER(head) \ ++ { NULL } ++ ++#define SLIST_ENTRY(type) \ ++struct { \ ++ struct type *sle_next; /* next element */ \ ++} ++ ++/* ++ * Singly-linked List functions. 
++ */ ++#define SLIST_EMPTY(head) ((head)->slh_first == NULL) ++ ++#define SLIST_FIRST(head) ((head)->slh_first) ++ ++#define SLIST_FOREACH(var, head, field) \ ++ for ((var) = SLIST_FIRST((head)); \ ++ (var); \ ++ (var) = SLIST_NEXT((var), field)) ++ ++#define SLIST_INIT(head) do { \ ++ SLIST_FIRST((head)) = NULL; \ ++} while (0) ++ ++#define SLIST_INSERT_AFTER(slistelm, elm, field) do { \ ++ SLIST_NEXT((elm), field) = SLIST_NEXT((slistelm), field); \ ++ SLIST_NEXT((slistelm), field) = (elm); \ ++} while (0) ++ ++#define SLIST_INSERT_HEAD(head, elm, field) do { \ ++ SLIST_NEXT((elm), field) = SLIST_FIRST((head)); \ ++ SLIST_FIRST((head)) = (elm); \ ++} while (0) ++ ++#define SLIST_NEXT(elm, field) ((elm)->field.sle_next) ++ ++#define SLIST_REMOVE(head, elm, type, field) do { \ ++ if (SLIST_FIRST((head)) == (elm)) { \ ++ SLIST_REMOVE_HEAD((head), field); \ ++ } \ ++ else { \ ++ struct type *curelm = SLIST_FIRST((head)); \ ++ while (SLIST_NEXT(curelm, field) != (elm)) \ ++ curelm = SLIST_NEXT(curelm, field); \ ++ SLIST_NEXT(curelm, field) = \ ++ SLIST_NEXT(SLIST_NEXT(curelm, field), field); \ ++ } \ ++} while (0) ++ ++#define SLIST_REMOVE_HEAD(head, field) do { \ ++ SLIST_FIRST((head)) = SLIST_NEXT(SLIST_FIRST((head)), field); \ ++} while (0) ++ ++/* ++ * Singly-linked Tail queue declarations. ++ */ ++#define STAILQ_HEAD(name, type) \ ++struct name { \ ++ struct type *stqh_first;/* first element */ \ ++ struct type **stqh_last;/* addr of last next element */ \ ++} ++ ++#define STAILQ_HEAD_INITIALIZER(head) \ ++ { NULL, &(head).stqh_first } ++ ++#define STAILQ_ENTRY(type) \ ++struct { \ ++ struct type *stqe_next; /* next element */ \ ++} ++ ++/* ++ * Singly-linked Tail queue functions. 
++ */ ++#define STAILQ_EMPTY(head) ((head)->stqh_first == NULL) ++ ++#define STAILQ_FIRST(head) ((head)->stqh_first) ++ ++#define STAILQ_FOREACH(var, head, field) \ ++ for((var) = STAILQ_FIRST((head)); \ ++ (var); \ ++ (var) = STAILQ_NEXT((var), field)) ++ ++#define STAILQ_INIT(head) do { \ ++ STAILQ_FIRST((head)) = NULL; \ ++ (head)->stqh_last = &STAILQ_FIRST((head)); \ ++} while (0) ++ ++#define STAILQ_INSERT_AFTER(head, tqelm, elm, field) do { \ ++ if ((STAILQ_NEXT((elm), field) = STAILQ_NEXT((tqelm), field)) == NULL)\ ++ (head)->stqh_last = &STAILQ_NEXT((elm), field); \ ++ STAILQ_NEXT((tqelm), field) = (elm); \ ++} while (0) ++ ++#define STAILQ_INSERT_HEAD(head, elm, field) do { \ ++ if ((STAILQ_NEXT((elm), field) = STAILQ_FIRST((head))) == NULL) \ ++ (head)->stqh_last = &STAILQ_NEXT((elm), field); \ ++ STAILQ_FIRST((head)) = (elm); \ ++} while (0) ++ ++#define STAILQ_INSERT_TAIL(head, elm, field) do { \ ++ STAILQ_NEXT((elm), field) = NULL; \ ++ *(head)->stqh_last = (elm); \ ++ (head)->stqh_last = &STAILQ_NEXT((elm), field); \ ++} while (0) ++ ++#define STAILQ_LAST(head, type, field) \ ++ (STAILQ_EMPTY(head) ? 
\ ++ NULL : \ ++ ((struct type *) \ ++ ((char *)((head)->stqh_last) - __offsetof(struct type, field)))) ++ ++#define STAILQ_NEXT(elm, field) ((elm)->field.stqe_next) ++ ++#define STAILQ_REMOVE(head, elm, type, field) do { \ ++ if (STAILQ_FIRST((head)) == (elm)) { \ ++ STAILQ_REMOVE_HEAD(head, field); \ ++ } \ ++ else { \ ++ struct type *curelm = STAILQ_FIRST((head)); \ ++ while (STAILQ_NEXT(curelm, field) != (elm)) \ ++ curelm = STAILQ_NEXT(curelm, field); \ ++ if ((STAILQ_NEXT(curelm, field) = \ ++ STAILQ_NEXT(STAILQ_NEXT(curelm, field), field)) == NULL)\ ++ (head)->stqh_last = &STAILQ_NEXT((curelm), field);\ ++ } \ ++} while (0) ++ ++#define STAILQ_REMOVE_HEAD(head, field) do { \ ++ if ((STAILQ_FIRST((head)) = \ ++ STAILQ_NEXT(STAILQ_FIRST((head)), field)) == NULL) \ ++ (head)->stqh_last = &STAILQ_FIRST((head)); \ ++} while (0) ++ ++#define STAILQ_REMOVE_HEAD_UNTIL(head, elm, field) do { \ ++ if ((STAILQ_FIRST((head)) = STAILQ_NEXT((elm), field)) == NULL) \ ++ (head)->stqh_last = &STAILQ_FIRST((head)); \ ++} while (0) ++ ++/* ++ * List declarations. ++ */ ++#define LIST_HEAD(name, type) \ ++struct name { \ ++ struct type *lh_first; /* first element */ \ ++} ++ ++#define LIST_HEAD_INITIALIZER(head) \ ++ { NULL } ++ ++#define LIST_ENTRY(type) \ ++struct { \ ++ struct type *le_next; /* next element */ \ ++ struct type **le_prev; /* address of previous next element */ \ ++} ++ ++/* ++ * List functions. 
++ */ ++ ++#define LIST_EMPTY(head) ((head)->lh_first == NULL) ++ ++#define LIST_FIRST(head) ((head)->lh_first) ++ ++#define LIST_FOREACH(var, head, field) \ ++ for ((var) = LIST_FIRST((head)); \ ++ (var); \ ++ (var) = LIST_NEXT((var), field)) ++ ++#define LIST_INIT(head) do { \ ++ LIST_FIRST((head)) = NULL; \ ++} while (0) ++ ++#define LIST_INSERT_AFTER(listelm, elm, field) do { \ ++ if ((LIST_NEXT((elm), field) = LIST_NEXT((listelm), field)) != NULL)\ ++ LIST_NEXT((listelm), field)->field.le_prev = \ ++ &LIST_NEXT((elm), field); \ ++ LIST_NEXT((listelm), field) = (elm); \ ++ (elm)->field.le_prev = &LIST_NEXT((listelm), field); \ ++} while (0) ++ ++#define LIST_INSERT_BEFORE(listelm, elm, field) do { \ ++ (elm)->field.le_prev = (listelm)->field.le_prev; \ ++ LIST_NEXT((elm), field) = (listelm); \ ++ *(listelm)->field.le_prev = (elm); \ ++ (listelm)->field.le_prev = &LIST_NEXT((elm), field); \ ++} while (0) ++ ++#define LIST_INSERT_HEAD(head, elm, field) do { \ ++ if ((LIST_NEXT((elm), field) = LIST_FIRST((head))) != NULL) \ ++ LIST_FIRST((head))->field.le_prev = &LIST_NEXT((elm), field);\ ++ LIST_FIRST((head)) = (elm); \ ++ (elm)->field.le_prev = &LIST_FIRST((head)); \ ++} while (0) ++ ++#define LIST_NEXT(elm, field) ((elm)->field.le_next) ++ ++#define LIST_REMOVE(elm, field) do { \ ++ if (LIST_NEXT((elm), field) != NULL) \ ++ LIST_NEXT((elm), field)->field.le_prev = \ ++ (elm)->field.le_prev; \ ++ *(elm)->field.le_prev = LIST_NEXT((elm), field); \ ++} while (0) ++ ++/* ++ * Tail queue declarations. ++ */ ++#define TAILQ_HEAD(name, type) \ ++struct name { \ ++ struct type *tqh_first; /* first element */ \ ++ struct type **tqh_last; /* addr of last next element */ \ ++} ++ ++#define TAILQ_HEAD_INITIALIZER(head) \ ++ { NULL, &(head).tqh_first } ++ ++#define TAILQ_ENTRY(type) \ ++struct { \ ++ struct type *tqe_next; /* next element */ \ ++ struct type **tqe_prev; /* address of previous next element */ \ ++} ++ ++/* ++ * Tail queue functions. 
++ */ ++#define TAILQ_EMPTY(head) ((head)->tqh_first == NULL) ++ ++#define TAILQ_FIRST(head) ((head)->tqh_first) ++ ++#define TAILQ_FOREACH(var, head, field) \ ++ for ((var) = TAILQ_FIRST((head)); \ ++ (var); \ ++ (var) = TAILQ_NEXT((var), field)) ++ ++#define TAILQ_FOREACH_REVERSE(var, head, headname, field) \ ++ for ((var) = TAILQ_LAST((head), headname); \ ++ (var); \ ++ (var) = TAILQ_PREV((var), headname, field)) ++ ++#define TAILQ_INIT(head) do { \ ++ TAILQ_FIRST((head)) = NULL; \ ++ (head)->tqh_last = &TAILQ_FIRST((head)); \ ++} while (0) ++ ++#define TAILQ_INSERT_AFTER(head, listelm, elm, field) do { \ ++ if ((TAILQ_NEXT((elm), field) = TAILQ_NEXT((listelm), field)) != NULL)\ ++ TAILQ_NEXT((elm), field)->field.tqe_prev = \ ++ &TAILQ_NEXT((elm), field); \ ++ else \ ++ (head)->tqh_last = &TAILQ_NEXT((elm), field); \ ++ TAILQ_NEXT((listelm), field) = (elm); \ ++ (elm)->field.tqe_prev = &TAILQ_NEXT((listelm), field); \ ++} while (0) ++ ++#define TAILQ_INSERT_BEFORE(listelm, elm, field) do { \ ++ (elm)->field.tqe_prev = (listelm)->field.tqe_prev; \ ++ TAILQ_NEXT((elm), field) = (listelm); \ ++ *(listelm)->field.tqe_prev = (elm); \ ++ (listelm)->field.tqe_prev = &TAILQ_NEXT((elm), field); \ ++} while (0) ++ ++#define TAILQ_INSERT_HEAD(head, elm, field) do { \ ++ if ((TAILQ_NEXT((elm), field) = TAILQ_FIRST((head))) != NULL) \ ++ TAILQ_FIRST((head))->field.tqe_prev = \ ++ &TAILQ_NEXT((elm), field); \ ++ else \ ++ (head)->tqh_last = &TAILQ_NEXT((elm), field); \ ++ TAILQ_FIRST((head)) = (elm); \ ++ (elm)->field.tqe_prev = &TAILQ_FIRST((head)); \ ++} while (0) ++ ++#define TAILQ_INSERT_TAIL(head, elm, field) do { \ ++ TAILQ_NEXT((elm), field) = NULL; \ ++ (elm)->field.tqe_prev = (head)->tqh_last; \ ++ *(head)->tqh_last = (elm); \ ++ (head)->tqh_last = &TAILQ_NEXT((elm), field); \ ++} while (0) ++ ++#define TAILQ_LAST(head, headname) \ ++ (*(((struct headname *)((head)->tqh_last))->tqh_last)) ++ ++#define TAILQ_NEXT(elm, field) ((elm)->field.tqe_next) ++ ++#define 
TAILQ_PREV(elm, headname, field) \ ++ (*(((struct headname *)((elm)->field.tqe_prev))->tqh_last)) ++ ++#define TAILQ_REMOVE(head, elm, field) do { \ ++ if ((TAILQ_NEXT((elm), field)) != NULL) \ ++ TAILQ_NEXT((elm), field)->field.tqe_prev = \ ++ (elm)->field.tqe_prev; \ ++ else \ ++ (head)->tqh_last = (elm)->field.tqe_prev; \ ++ *(elm)->field.tqe_prev = TAILQ_NEXT((elm), field); \ ++} while (0) ++ ++ ++#ifdef _KERNEL ++ ++/* ++ * XXX insque() and remque() are an old way of handling certain queues. ++ * They bogusly assumes that all queue heads look alike. ++ */ ++ ++struct quehead { ++ struct quehead *qh_link; ++ struct quehead *qh_rlink; ++}; ++ ++#ifdef __GNUC__ ++ ++static __inline void ++insque(void *a, void *b) ++{ ++ struct quehead *element = (struct quehead *)a, ++ *head = (struct quehead *)b; ++ ++ element->qh_link = head->qh_link; ++ element->qh_rlink = head; ++ head->qh_link = element; ++ element->qh_link->qh_rlink = element; ++} ++ ++static __inline void ++remque(void *a) ++{ ++ struct quehead *element = (struct quehead *)a; ++ ++ element->qh_link->qh_rlink = element->qh_rlink; ++ element->qh_rlink->qh_link = element->qh_link; ++ element->qh_rlink = 0; ++} ++ ++#else /* !__GNUC__ */ ++ ++void insque __P((void *a, void *b)); ++void remque __P((void *a)); ++ ++#endif /* __GNUC__ */ ++ ++#endif /* _KERNEL */ ++ ++#endif /* !_SYS_QUEUE_H_ */ +Index: isakmpd-20041012.orig/sysdep/common/pcap.h +=================================================================== +--- isakmpd-20041012.orig.orig/sysdep/common/pcap.h 2007-06-04 13:22:39.203895384 +0200 ++++ isakmpd-20041012.orig/sysdep/common/pcap.h 2007-06-04 13:22:39.292881856 +0200 +@@ -55,8 +55,13 @@ + u_int32_t linktype; /* data link type (DLT_*) */ + }; + ++struct pcap_timeval { ++ int32_t tv_sec; /* seconds */ ++ int32_t tv_usec; /* microseconds */ ++}; ++ + struct pcap_pkthdr { +- struct timeval ts; /* time stamp */ ++ struct pcap_timeval ts; /* time stamp */ + u_int32_t caplen; /* length of portion present 
*/ + u_int32_t len; /* length this packet (off wire) */ + }; +Index: isakmpd-20041012.orig/sysdep/common/libsysdep/arc4random.c +=================================================================== +--- isakmpd-20041012.orig.orig/sysdep/common/libsysdep/arc4random.c 2007-06-04 13:22:39.211894168 +0200 ++++ isakmpd-20041012.orig/sysdep/common/libsysdep/arc4random.c 2007-06-04 13:22:39.292881856 +0200 +@@ -78,7 +78,7 @@ + static void + arc4_stir(struct arc4_stream *as) + { +- int fd; ++ int fd, i; + struct { + struct timeval tv; + u_int8_t rnd[128 - sizeof(struct timeval)]; +Index: isakmpd-20041012.orig/x509v3.cnf +=================================================================== +--- /dev/null 1970-01-01 00:00:00.000000000 +0000 ++++ isakmpd-20041012.orig/x509v3.cnf 2007-06-04 13:22:39.293881704 +0200 +@@ -0,0 +1,26 @@ ++# default settings ++CERTPATHLEN = 1 ++CERTUSAGE = digitalSignature,keyCertSign ++CERTIP = 0.0.0.0 ++CERTFQDN = nohost.nodomain ++ ++# This section should be referenced when building an x509v3 CA ++# Certificate. ++# The default path length and the key usage can be overriden ++# modified by setting the CERTPATHLEN and CERTUSAGE environment ++# variables. ++[x509v3_CA] ++basicConstraints=critical,CA:true,pathlen:$ENV::CERTPATHLEN ++keyUsage=$ENV::CERTUSAGE ++ ++# This section should be referenced to add an IP Address ++# as an alternate subject name, needed by isakmpd ++# The address must be provided in the CERTIP environment variable ++[x509v3_IPAddr] ++subjectAltName=IP:$ENV::CERTIP ++ ++# This section should be referenced to add a FQDN hostname ++# as an alternate subject name, needed by isakmpd ++# The address must be provided in the CERTFQDN environment variable ++[x509v3_FQDN] ++subjectAltName=DNS:$ENV::CERTFQDN diff --git a/net/isakmpd/patches/020-standardize.patch b/net/isakmpd/patches/020-standardize.patch new file mode 100644 index 0000000000..435782b637 --- /dev/null +++ b/net/isakmpd/patches/020-standardize.patch 
@@ -0,0 +1,154 @@ +Index: isakmpd-20041012.orig/GNUmakefile +=================================================================== +--- isakmpd-20041012.orig.orig/GNUmakefile 2007-06-04 13:22:39.283883224 +0200 ++++ isakmpd-20041012.orig/GNUmakefile 2007-06-04 13:22:39.722816496 +0200 +@@ -168,7 +168,6 @@ + X509= x509.c + CFLAGS+= -DUSE_LIBCRYPTO + LDADD+= -lcrypto +-DPADD+= ${LIBCRYPTO} + endif + + ifdef USE_RAWKEY +@@ -242,3 +241,16 @@ + + realcleandepend: + rm -f .depend tags ++ ++# Install rules ++install: install-bin install-man ++ ++install-bin: isakmpd ++ -mkdir -p $(DESTDIR)$(BINDIR) ++ $(INSTALL) $(INSTALL_OPTS) -m 755 isakmpd $(DESTDIR)$(BINDIR) ++ ++install-man: ++ -mkdir -p $(DESTDIR)$(MANDIR)/man8 ++ $(INSTALL) $(INSTALL_OPTS) -m 444 isakmpd.8 $(DESTDIR)$(MANDIR)/man8 ++ -mkdir -p $(DESTDIR)$(MANDIR)/man5 ++ $(INSTALL) $(INSTALL_OPTS) -m 444 isakmpd.conf.5 isakmpd.policy.5 $(DESTDIR)$(MANDIR)/man5 +Index: isakmpd-20041012.orig/samples/Makefile +=================================================================== +--- isakmpd-20041012.orig.orig/samples/Makefile 2007-06-04 13:22:39.015923960 +0200 ++++ isakmpd-20041012.orig/samples/Makefile 2007-06-04 13:22:39.722816496 +0200 +@@ -26,7 +26,7 @@ + # + + FILES= VPN-* policy singlehost-* +-TARGETDIR= /usr/share/ipsec/isakmpd ++TARGETDIR= /usr/share/isakmpd/samples + + # The mkdir below is for installation on OpenBSD pre 2.7 + install: +Index: isakmpd-20041012.orig/sysdep/linux/GNUmakefile.sysdep +=================================================================== +--- isakmpd-20041012.orig.orig/sysdep/linux/GNUmakefile.sysdep 2007-06-04 13:22:39.291882008 +0200 ++++ isakmpd-20041012.orig/sysdep/linux/GNUmakefile.sysdep 2007-06-04 13:22:39.722816496 +0200 +@@ -25,18 +25,18 @@ + # THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+ # + +-LIBGMP:= /usr/lib/libgmp.a +-LIBCRYPTO:= /usr/lib/libcrypto.a ++LIBGMP:= ++LIBCRYPTO:= -lcrypto + LIBSYSDEPDIR:= ${.CURDIR}/sysdep/common/libsysdep + LIBSYSDEP:= ${LIBSYSDEPDIR}/libsysdep.a + +-LDADD+= -lgmp ${LIBSYSDEP} ${LIBCRYPTO} ++LDADD+= $(EXTRA_LDFLAGS) -lgmp ${LIBSYSDEP} ${LIBCRYPTO} + DPADD+= ${LIBGMP} ${LIBSYSDEP} + + CFLAGS+= -DHAVE_GETNAMEINFO -DUSE_OLD_SOCKADDR -DHAVE_PCAP \ + -DNEED_SYSDEP_APP -DMP_FLAVOUR=MP_FLAVOUR_GMP -DUSE_AES \ + -I${.CURDIR}/sysdep/linux/include -I${.CURDIR}/sysdep/common \ +- -I/usr/include/openssl ++ $(EXTRA_CPPFLAGS) + + FEATURES= debug tripledes blowfish cast ec aggressive x509 policy + FEATURES+= dpd nat_traversal isakmp_cfg des aes +Index: isakmpd-20041012.orig/Makefile +=================================================================== +--- isakmpd-20041012.orig.orig/Makefile 2007-06-04 13:22:39.028921984 +0200 ++++ isakmpd-20041012.orig/Makefile 2007-06-04 13:22:39.723816344 +0200 +@@ -147,7 +147,6 @@ + .ifdef USE_LIBCRYPTO + CFLAGS+= -DUSE_LIBCRYPTO + LDADD+= -lcrypto +-DPADD+= ${LIBCRYPTO} + .endif + + .ifdef USE_LIBDES +Index: isakmpd-20041012.orig/apps/certpatch/Makefile +=================================================================== +--- isakmpd-20041012.orig.orig/apps/certpatch/Makefile 2007-06-04 13:22:39.035920920 +0200 ++++ isakmpd-20041012.orig/apps/certpatch/Makefile 2007-06-04 13:22:39.723816344 +0200 +@@ -40,7 +40,6 @@ + .PATH: ${TOPSRC} ${TOPSRC}/sysdep/${OS} ${TOPOBJ} + CFLAGS+= -I${TOPSRC} -I${TOPSRC}/sysdep/${OS} -I${TOPOBJ} -Wall + LDADD+= -lcrypto +-DPADD+= ${LIBCRYPTO} + MAN= certpatch.8 + + .if ${FEATURES:Mgmp} == "gmp" +Index: isakmpd-20041012.orig/regress/crypto/Makefile +=================================================================== +--- isakmpd-20041012.orig.orig/regress/crypto/Makefile 2007-06-04 13:22:39.041920008 +0200 ++++ isakmpd-20041012.orig/regress/crypto/Makefile 2007-06-04 13:22:39.723816344 +0200 +@@ -13,7 +13,7 @@ + -DUSE_TRIPLEDES -DUSE_CAST -DUSE_BLOWFISH 
-DUSE_DES \ + -DUSE_AES + LDADD+= -lcrypto -ldes +-DPADD+= ${LIBCRYPTO} ${LIBDES} ++DPADD+= ${LIBDES} + NOMAN= + DEBUG= -g + +Index: isakmpd-20041012.orig/regress/dh/Makefile +=================================================================== +--- isakmpd-20041012.orig.orig/regress/dh/Makefile 2007-06-04 13:22:39.048918944 +0200 ++++ isakmpd-20041012.orig/regress/dh/Makefile 2007-06-04 13:22:39.726815888 +0200 +@@ -15,7 +15,6 @@ + -DUSE_EC + NOMAN= + LDADD+= -lcrypto +-DPADD+= ${LIBCRYPTO} + DEBUG= -g + + .if ${FEATURES:Mgmp} == "gmp" +Index: isakmpd-20041012.orig/regress/group/Makefile +=================================================================== +--- isakmpd-20041012.orig.orig/regress/group/Makefile 2007-06-04 13:22:39.054918032 +0200 ++++ isakmpd-20041012.orig/regress/group/Makefile 2007-06-04 13:22:39.727815736 +0200 +@@ -15,7 +15,6 @@ + -DUSE_EC + NOMAN= + LDADD+= -lcrypto +-DPADD+= ${LIBCRYPTO} + DEBUG= -g + + .if ${FEATURES:Mgmp} == "gmp" +Index: isakmpd-20041012.orig/regress/rsakeygen/Makefile +=================================================================== +--- isakmpd-20041012.orig.orig/regress/rsakeygen/Makefile 2007-06-04 13:22:39.060917120 +0200 ++++ isakmpd-20041012.orig/regress/rsakeygen/Makefile 2007-06-04 13:22:39.727815736 +0200 +@@ -62,7 +62,6 @@ + .ifdef USE_LIBCRYPTO + CFLAGS+= -DUSE_LIBCRYPTO + LDADD+= -lcrypto +-DPADD+= ${LIBCRYPTO} + .endif + + .if !defined (HAVE_DLOPEN) && !defined (USE_LIBCRYPTO) +Index: isakmpd-20041012.orig/regress/x509/Makefile +=================================================================== +--- isakmpd-20041012.orig.orig/regress/x509/Makefile 2007-06-04 13:22:39.068915904 +0200 ++++ isakmpd-20041012.orig/regress/x509/Makefile 2007-06-04 13:22:39.727815736 +0200 +@@ -78,7 +78,6 @@ + X509= x509.c + CFLAGS+= -DUSE_LIBCRYPTO + LDADD+= -lcrypto ${LIBLWRES} +-DPADD+= ${LIBCRYPTO} + .endif + + .if !defined (HAVE_DLOPEN) && !defined (USE_LIBCRYPTO) || !defined (USE_KEYNOTE) 
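Review bot: The install rules added to GNUmakefile depend on `$(BINDIR)`, `$(MANDIR)`, `$(INSTALL)` and `$(INSTALL_OPTS)`, none of which is assigned in the visible hunks. If one of them is empty, the recipe either tries to run `-m 755 isakmpd ...` as a command or copies into the root of `$(DESTDIR)`. I would give them `?=` defaults next to the rules, or confirm that the package Makefile always passes them, and add `.PHONY: install install-bin install-man`. The leading `-` on each `mkdir -p` also hides a failed directory creation, so the error only surfaces at the following `$(INSTALL)` line.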
diff --git a/net/isakmpd/patches/030-openssl_hashes.patch b/net/isakmpd/patches/030-openssl_hashes.patch
new file mode 100644
index 0000000000..f50afc598e
--- /dev/null
+++ b/net/isakmpd/patches/030-openssl_hashes.patch
@@ -0,0 +1,161 @@ +Index: isakmpd-20041012.orig/GNUmakefile +=================================================================== +--- isakmpd-20041012.orig.orig/GNUmakefile 2007-06-04 13:22:39.722816496 +0200 ++++ isakmpd-20041012.orig/GNUmakefile 2007-06-04 13:22:40.000774240 +0200 +@@ -76,13 +76,14 @@ + isakmp_fld.c isakmp_fld.h + MAN= isakmpd.8 isakmpd.conf.5 isakmpd.policy.5 + +-CFLAGS+= -O2 ${DEBUG} -Wall -DNEED_SYSDEP_APP \ ++CFLAGS+= ${DEBUG} -Wall -DNEED_SYSDEP_APP \ + -I${.CURDIR} -I${.CURDIR}/sysdep/${OS} -I. \ + + # Different debugging & profiling suggestions + + # Include symbolic debugging info + DEBUG= -g ++CFLAGS+= -g + + # Do execution time profiles + #CFLAGS+= -pg +@@ -175,6 +176,14 @@ + CFLAGS+= -DUSE_RAWKEY + endif + ++ifdef USE_OPENSSL_MD5 ++CFLAGS+= -DUSE_OPENSSL_MD5 ++endif ++ ++ifdef USE_OPENSSL_SHA1 ++CFLAGS+= -DUSE_OPENSSL_SHA1 ++endif ++ + SRCS+= ${IPSEC_SRCS} ${X509} ${POLICY} ${EC} ${AGGRESSIVE} ${DNSSEC} \ + $(ISAKMP_CFG) ${DPD} ${NAT_TRAVERSAL} + CFLAGS+= ${IPSEC_CFLAGS} +Index: isakmpd-20041012.orig/sysdep/common/libsysdep/GNUmakefile +=================================================================== +--- isakmpd-20041012.orig.orig/sysdep/common/libsysdep/GNUmakefile 2007-06-04 13:22:38.959932472 +0200 ++++ isakmpd-20041012.orig/sysdep/common/libsysdep/GNUmakefile 2007-06-04 13:22:40.000774240 +0200 +@@ -31,10 +31,18 @@ + .CURDIR:= $(shell pwd) + + LIB= sysdep +-SRCS= arc4random.c blowfish.c cast.c md5.c sha1.c strlcat.c strlcpy.c ++SRCS= arc4random.c blowfish.c cast.c strlcat.c strlcpy.c + NOMAN= + CFLAGS+= -I${.CURDIR}/.. 
-I/usr/include/machine + ++ifeq (,$(findstring USE_OPENSSL_MD5,$(CFLAGS))) ++SRCS+=md5.c ++endif ++ ++ifeq (,$(findstring USE_OPENSSL_SHA1,$(CFLAGS))) ++SRCS+=sha1.c ++endif ++ + lib${LIB}.a: ${SRCS:%.c=%.o} + ar cq $@ ${SRCS:%.c=%.o} + +Index: isakmpd-20041012.orig/sysdep/common/libsysdep/md5.c +=================================================================== +--- isakmpd-20041012.orig.orig/sysdep/common/libsysdep/md5.c 2007-06-04 13:22:38.964931712 +0200 ++++ isakmpd-20041012.orig/sysdep/common/libsysdep/md5.c 2007-06-04 13:22:40.000774240 +0200 +@@ -5,6 +5,8 @@ + * changes to accommodate it in the kernel by ji. + */ + ++#ifndef USE_OPENSSL_MD5 ++ + /* MD5C.C - RSA Data Security, Inc., MD5 message-digest algorithm + */ + +@@ -390,3 +392,4 @@ + #endif + #endif + ++#endif /* USE_OPENSSL_MD5 */ +Index: isakmpd-20041012.orig/sysdep/common/libsysdep/sha1.c +=================================================================== +--- isakmpd-20041012.orig.orig/sysdep/common/libsysdep/sha1.c 2007-06-04 13:22:38.970930800 +0200 ++++ isakmpd-20041012.orig/sysdep/common/libsysdep/sha1.c 2007-06-04 13:22:40.001774088 +0200 +@@ -1,5 +1,7 @@ + /* $OpenBSD: sha1.c,v 1.2 2001/01/28 22:38:48 niklas Exp $ */ + ++#ifndef USE_OPENSSL_SHA1 ++ + /* + SHA-1 in C + By Steve Reid +@@ -171,3 +173,5 @@ + SHA1Transform(context->state, context->buffer); + #endif + } ++ ++#endif /* USE_OPENSSL_SHA1 */ +Index: isakmpd-20041012.orig/sysdep/common/md5.h +=================================================================== +--- isakmpd-20041012.orig.orig/sysdep/common/md5.h 2007-06-04 13:22:38.976929888 +0200 ++++ isakmpd-20041012.orig/sysdep/common/md5.h 2007-06-04 13:22:40.001774088 +0200 +@@ -1,5 +1,15 @@ + /* $OpenBSD: md5.h,v 1.2 2001/01/28 22:38:47 niklas Exp $ */ + ++#ifdef USE_OPENSSL_MD5 ++ ++#include ++ ++#define MD5Init MD5_Init ++#define MD5Update MD5_Update ++#define MD5Final MD5_Final ++ ++#else /* USE_OPENSSL_MD5 */ ++ + /* GLOBAL.H - RSAREF types and constants + */ + +@@ -71,3 
+81,5 @@ + void MD5Final PROTO_LIST ((unsigned char [16], MD5_CTX *)); + + #define _MD5_H_ ++ ++#endif /* USE_OPENSSL_MD5 */ +Index: isakmpd-20041012.orig/sysdep/common/sha1.h +=================================================================== +--- isakmpd-20041012.orig.orig/sysdep/common/sha1.h 2007-06-04 13:22:38.982928976 +0200 ++++ isakmpd-20041012.orig/sysdep/common/sha1.h 2007-06-04 13:22:40.001774088 +0200 +@@ -1,5 +1,16 @@ + /* $OpenBSD: sha1.h,v 1.2 2001/01/28 22:38:47 niklas Exp $ */ + ++#ifdef USE_OPENSSL_SHA1 ++ ++#include ++ ++typedef SHA_CTX SHA1_CTX; ++#define SHA1Init SHA1_Init ++#define SHA1Update SHA1_Update ++#define SHA1Final SHA1_Final ++ ++#else /* USE_OPENSSL_SHA1 */ ++ + /* + SHA-1 in C + By Steve Reid +@@ -16,3 +27,5 @@ + void SHA1Init(SHA1_CTX* context); + void SHA1Update(SHA1_CTX* context, unsigned char* data, unsigned int len); + void SHA1Final(unsigned char digest[20], SHA1_CTX* context); ++ ++#endif /* USE_OPENSSL_SHA1 */ +Index: isakmpd-20041012.orig/sysdep/linux/GNUmakefile.sysdep +=================================================================== +--- isakmpd-20041012.orig.orig/sysdep/linux/GNUmakefile.sysdep 2007-06-04 13:22:39.722816496 +0200 ++++ isakmpd-20041012.orig/sysdep/linux/GNUmakefile.sysdep 2007-06-04 13:22:40.001774088 +0200 +@@ -47,6 +47,8 @@ + USE_LIBCRYPO= defined + HAVE_DLOPEN= defined + USE_KEYNOTE= defined ++USE_OPENSSL_MD5= defined ++USE_OPENSSL_SHA1= defined + + # hack libsysdep.a dependenc + ${LIBSYSDEPDIR}/.depend ${LIBSYSDEP}: diff --git a/net/isakmpd/patches/040-security_fix.patch b/net/isakmpd/patches/040-security_fix.patch new file mode 100644 index 0000000000..d70a722452 --- /dev/null +++ b/net/isakmpd/patches/040-security_fix.patch 
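Review bot: The aliases added to sysdep/common/md5.h and sha1.h (`#define MD5Init MD5_Init`, `#define SHA1Final SHA1_Final` and the others) replace functions this tree declares as `void` with OpenSSL functions that return an int status, so no existing caller checks whether the hash was initialised or finalised successfully. A comment above the defines would make that visible, for example `/* OpenSSL variants return 1 on success; callers written for the void API ignore it */`. Whether any call site needs an actual check cannot be judged from these hunks. Separately, the GNUmakefile hunk drops `-O2` and adds an unconditional `CFLAGS+= -g` directly under `DEBUG= -g`, although `${DEBUG}` is already part of CFLAGS. That change is unrelated to the hash switch and would be easier to review in its own patch with a stated reason.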
@@ -0,0 +1,18 @@
+Index: isakmpd-20041012.orig/ipsec.c
+===================================================================
+--- isakmpd-20041012.orig.orig/ipsec.c 2007-06-04 13:22:39.283883224 +0200
++++ isakmpd-20041012.orig/ipsec.c 2007-06-04 13:22:40.247736696 +0200
+@@ -2176,9 +2176,10 @@
+ {
+ struct ipsec_proto *iproto = proto->data;
+
+- if (proto->sa->phase == 2 && section)
+- iproto->replay_window = conf_get_num(section, "ReplayWindow",
+- DEFAULT_REPLAY_WINDOW);
++ if (proto->sa->phase == 2)
++ iproto->replay_window = section ? conf_get_num(section,
++ "ReplayWindow", DEFAULT_REPLAY_WINDOW) :
++ DEFAULT_REPLAY_WINDOW;
+ }
+
+ /*
diff --git a/net/isakmpd/patches/050-ar_cross.patch b/net/isakmpd/patches/050-ar_cross.patch
new file mode 100644
index 0000000000..2bac048db3
--- /dev/null
+++ b/net/isakmpd/patches/050-ar_cross.patch
@@ -0,0 +1,13 @@
+Index: isakmpd-20041012.orig/sysdep/common/libsysdep/GNUmakefile
+===================================================================
+--- isakmpd-20041012.orig.orig/sysdep/common/libsysdep/GNUmakefile 2007-06-04 13:22:40.000774240 +0200
++++ isakmpd-20041012.orig/sysdep/common/libsysdep/GNUmakefile 2007-06-04 13:22:40.431708728 +0200
+@@ -44,7 +44,7 @@
+ endif
+
+ lib${LIB}.a: ${SRCS:%.c=%.o}
+- ar cq $@ ${SRCS:%.c=%.o}
++ $(AR) cq $@ ${SRCS:%.c=%.o}
+
+ clean:
+ rm -f lib${LIB}.a ${SRCS:%.c=%.o}
diff --git a/net/openswan/Makefile b/net/openswan/Makefile
new file mode 100644
index 0000000000..6b6821dcfc
--- /dev/null
+++ b/net/openswan/Makefile
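Review bot: Nothing in 040-security_fix.patch says what it fixes, and the changed lines in ipsec.c are easy to misread as a cosmetic refactor. The old condition `proto->sa->phase == 2 && section` skipped the assignment whenever `section` was NULL, so `iproto->replay_window` kept its previous value. That value is presumably zero, meaning no anti-replay window, but the allocation site is outside the hunk and should be checked; the new ternary falls back to `DEFAULT_REPLAY_WINDOW` instead. I would add a short header to the patch file, for example `Set the default replay window on phase 2 SAs when no configuration section is given`, together with a reference to the upstream commit or advisory it was taken from. The value `conf_get_num` returns for "ReplayWindow" is still stored without a range check, so a configured 0 may reproduce the old state; the enclosing function starts outside the hunk, so any earlier validation is not visible here.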
@@ -0,0 +1,96 @@ +# +# Copyright (C) 2006-2008 OpenWrt.org +# +# This is free software, licensed under the GNU General Public License v2. +# See /LICENSE for more information. +# +# $Id$ + +include $(TOPDIR)/rules.mk +include $(INCLUDE_DIR)/kernel.mk + +PKG_NAME:=openswan +PKG_VERSION:=2.4.10 +PKG_RELEASE:=1 + +PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz +PKG_SOURCE_URL:=http://www.openswan.org/download +PKG_MD5SUM:=2b36785342c74d524d8d86bde89a445f + +include $(INCLUDE_DIR)/package.mk + +define Package/openswan/Default + TITLE:=Openswan + URL:=http://www.openswan.org/ + DEPENDS:=@BROKEN +endef + +define Package/openswan/Default/description + Openswan is an IPsec implementation for Linux. +endef + +define Package/openswan +$(call Package/openswan/Default) + SECTION:=net + CATEGORY:=Network + DEPENDS+= +kmod-openswan +libgmp +ip + TITLE+= (daemon) + URL:=http://www.openswan.org/ +endef + +define Package/openswan/description +$(call Package/openswan/Default/description) + This package contains the Openswan user-land daemon. +endef + +define KernelPackage/openswan +$(call Package/openswan/Default) + SUBMENU:=Network Support + TITLE+= (kernel module) + FILES:=$(PKG_BUILD_DIR)/modobj*/ipsec.$(LINUX_KMOD_SUFFIX) +endef + +define KernelPackage/openswan/description +$(call Package/openswan/Default/description) + This package contains the Openswan kernel module. 
+endef + +TARGET_CPPFLAGS = \ + -I$(STAGING_DIR)/usr/include \ + -I$(LINUX_DIR)/include + +TARGET_LDFLAGS = \ + -L$(STAGING_DIR)/usr/lib + +OPENSWAN_MAKE := $(MAKE) -C $(PKG_BUILD_DIR) \ + $(TARGET_CONFIGURE_OPTS) \ + LINUX_RELEASE="$(LINUX_RELEASE)" \ + KERNELSRC="$(LINUX_DIR)" \ + ARCH="$(LINUX_KARCH)" \ + CROSS_COMPILE="$(TARGET_CROSS)" \ + USERCOMPILE="$(TARGET_CFLAGS) -I$(PKG_BUILD_DIR)/linux/include $(TARGET_CPPFLAGS) $(TARGET_LDFLAGS)" \ + IPSECDIR="/usr/lib/ipsec" \ + INC_USRLOCAL="/usr" \ + INC_RCDEFAULT="/etc/init.d" \ + MODPROBE="/sbin/insmod" \ + LDFLAGS="$(TARGET_LDFLAGS)" \ + DESTDIR="$(PKG_INSTALL_DIR)" + +define Build/Compile + $(OPENSWAN_MAKE) \ + programs module install +endef + +define Package/openswan/install + $(CP) $(PKG_INSTALL_DIR)/* $(1) + $(INSTALL_DIR) $(1)/etc/init.d + $(CP) ./files/ipsec.init $(1)/etc/init.d/ipsec + rm -rf $(1)/usr/share + rm -rf $(1)/usr/man + rm -rf $(1)/var + rm -rf $(1)/etc/rc.d + find $(1) -name \*.old | xargs rm -rf +endef + +$(eval $(call BuildPackage,openswan)) +$(eval $(call KernelPackage,openswan)) diff --git a/net/openswan/files/ipsec.init b/net/openswan/files/ipsec.init new file mode 100755 index 0000000000..33c416351d --- /dev/null +++ b/net/openswan/files/ipsec.init 
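Review bot: The source tarball is fetched from `PKG_SOURCE_URL:=http://www.openswan.org/download` and checked only against `PKG_MD5SUM`, so the build input for an IPsec daemon and kernel module rests on an unauthenticated transport and a digest that is not collision resistant. If the build system in this tree accepts a stronger digest, and upstream serves the file over HTTPS or publishes a signature, I would record those here. Otherwise a comment stating how the checksum was verified would help the next maintainer. In `Package/openswan/install`, `find $(1) -name \*.old | xargs rm -rf` splits on whitespace in file names; `find $(1) -name \*.old -exec rm -rf {} +` avoids that.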
@@ -0,0 +1,158 @@ +#!/bin/sh /etc/rc.common +# IPsec startup and shutdown script +# Copyright (C) 1998, 1999, 2001 Henry Spencer. +# Copyright (C) 2002 Michael Richardson +# Copyright (C) 2006 OpenWrt.org +# +# This program is free software; you can redistribute it and/or modify it +# under the terms of the GNU General Public License as published by the +# Free Software Foundation; either version 2 of the License, or (at your +# option) any later version. See . +# +# This program is distributed in the hope that it will be useful, but +# WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY +# or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License +# for more details. +# +# RCSID $Id: setup.in,v 1.122.6.1 2005/07/25 19:17:03 ken Exp $ +# +# ipsec init.d script for starting and stopping +# the IPsec security subsystem (KLIPS and Pluto). +# +# This script becomes /etc/rc.d/init.d/ipsec (or possibly /etc/init.d/ipsec) +# and is also accessible as "ipsec setup" (the preferred route for human +# invocation). +# +# The startup and shutdown times are a difficult compromise (in particular, +# it is almost impossible to reconcile them with the insanely early/late +# times of NFS filesystem startup/shutdown). Startup is after startup of +# syslog and pcmcia support; shutdown is just before shutdown of syslog. +# +# chkconfig: 2345 47 76 +# description: IPsec provides encrypted and authenticated communications; \ +# KLIPS is the kernel half of it, Pluto is the user-level management daemon. 
+ +START=60 +script_init() { + me='ipsec setup' # for messages + + # where the private directory and the config files are + IPSEC_EXECDIR="${IPSEC_EXECDIR-/usr/libexec/ipsec}" + IPSEC_LIBDIR="${IPSEC_LIBDIR-/usr/lib/ipsec}" + IPSEC_SBINDIR="${IPSEC_SBINDIR-/usr/sbin}" + IPSEC_CONFS="${IPSEC_CONFS-/etc}" + + if test " $IPSEC_DIR" = " " # if we were not called by the ipsec command + then + # we must establish a suitable PATH ourselves + PATH="${IPSEC_SBINDIR}":/sbin:/usr/sbin:/usr/local/bin:/bin:/usr/bin + export PATH + + IPSEC_DIR="$IPSEC_LIBDIR" + export IPSEC_DIR IPSEC_CONFS IPSEC_LIBDIR IPSEC_EXECDIR + fi + + # Check that the ipsec command is available. + found= + for dir in `echo $PATH | tr ':' ' '` + do + if test -f $dir/ipsec -a -x $dir/ipsec + then + found=yes + break # NOTE BREAK OUT + fi + done + if ! test "$found" + then + echo "cannot find ipsec command -- \`$1' aborted" | + logger -s -p daemon.error -t ipsec_setup + exit 1 + fi + + # Pick up IPsec configuration (until we have done this, successfully, we + # do not know where errors should go, hence the explicit "daemon.error"s.) + # Note the "--export", which exports the variables created. 
+ eval `ipsec _confread $config --optional --varprefix IPSEC --export --type config setup` + + if test " $IPSEC_confreadstatus" != " " + then + case $1 in + stop|--stop|_autostop) + echo "$IPSEC_confreadstatus -- \`$1' may not work" | + logger -s -p daemon.error -t ipsec_setup;; + + *) echo "$IPSEC_confreadstatus -- \`$1' aborted" | + logger -s -p daemon.error -t ipsec_setup; + exit 1;; + esac + fi + + IPSEC_confreadsection=${IPSEC_confreadsection:-setup} + export IPSEC_confreadsection + + IPSECsyslog=${IPSECsyslog-daemon.error} + export IPSECsyslog + + # misc setup + umask 022 + + mkdir -p /var/run/pluto +} + +script_command() { + if [ "${USER}" != "root" ] + then + echo "permission denied (must be superuser)" | + logger -s -p $IPSECsyslog -t ipsec_setup 2>&1 + exit 1 + fi + # make sure all required directories exist + if [ ! -d /var/run/pluto ] + then + mkdir -p /var/run/pluto + fi + if [ ! -d /var/lock/subsys ] + then + mkdir -p /var/lock/subsys + fi + tmp=/var/run/pluto/ipsec_setup.st + outtmp=/var/run/pluto/ipsec_setup.out + ( + ipsec _realsetup $1 + echo "$?" >$tmp + ) > ${outtmp} 2>&1 + st=$? + if test -f $tmp + then + st=`cat $tmp` + rm -f $tmp + fi + if [ -f ${outtmp} ]; then + cat ${outtmp} | logger -s -p $IPSECsyslog -t ipsec_setup 2>&1 + rm -f ${outtmp} + fi +} + + +start() { + script_init start "$@" + script_command start "$@" +} + +stop() { + script_init stop "$@" + script_command stop "$@" +} + +restart() { + script_init stop "$@" + script_command stop "$@" + script_command start "$@" +} + +status() { + script_init status "$@" + ipsec _realsetup status +} +EXTRA_COMMANDS=status +EXTRA_HELP=" status Show the status of the service" diff --git a/net/openswan/patches/110-scripts.patch b/net/openswan/patches/110-scripts.patch new file mode 100644 index 0000000000..d605ceaba4 --- /dev/null +++ b/net/openswan/patches/110-scripts.patch 
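Review bot: `script_command` decides whether the caller is root from the `USER` environment variable, which the caller controls and which may be unset when init runs the script. Comparing the effective uid is the reliable check, e.g. `if [ "$(id -u)" != "0" ]`, assuming `id` is present in the image. The function also reads the exit status of `ipsec _realsetup` into `st` but never uses it, so `start` and `stop` report success even when setup failed; ending the function with `return $st` would propagate it. The status and output files use fixed names under /var/run/pluto after `umask 022`, which is safe only while that directory stays root-owned and not writable by others.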
@@ -0,0 +1,33 @@
+diff -urN openswan.old/programs/loggerfix openswan.dev/programs/loggerfix
+--- openswan.old/programs/loggerfix 1970-01-01 01:00:00.000000000 +0100
++++ openswan.dev/programs/loggerfix 2006-10-08 20:41:08.000000000 +0200
+@@ -0,0 +1,5 @@
++#!/bin/sh
++# use filename instead of /dev/null to log, but dont log to flash or ram
++# pref. log to nfs mount
++echo "$*" >> /dev/null
++exit 0
+diff -urN openswan.old/programs/_plutorun/_plutorun.in openswan.dev/programs/_plutorun/_plutorun.in
+--- openswan.old/programs/_plutorun/_plutorun.in 2006-10-08 20:43:21.000000000 +0200
++++ openswan.dev/programs/_plutorun/_plutorun.in 2006-10-08 20:41:08.000000000 +0200
+@@ -147,7 +147,7 @@
+ exit 1
+ fi
+ else
+- if test ! -w "`dirname $stderrlog`"
++ if test ! -w "`echo $stderrlog | sed -r 's/(^.*\/)(.*$)/\1/'`"
+ then
+ echo Cannot write to directory to create \"$stderrlog\".
+ exit 1
+diff -urN openswan.old/programs/_realsetup/_realsetup.in openswan.dev/programs/_realsetup/_realsetup.in
+--- openswan.old/programs/_realsetup/_realsetup.in 2006-10-08 20:43:21.000000000 +0200
++++ openswan.dev/programs/_realsetup/_realsetup.in 2006-10-08 20:41:08.000000000 +0200
+@@ -232,7 +232,7 @@
+
+ # misc pre-Pluto setup
+
+- perform test -d `dirname $subsyslock` "&&" touch $subsyslock
++ perform test -d `echo $subsyslock | sed -r 's/(^.*\/)(.*$)/\1/'` "&&" touch $subsyslock "&&" rm -f $subsyslock
+
+ if test " $IPSECforwardcontrol" = " yes"
+ then
diff --git a/net/openswan/patches/120-use_dev_urandom.patch b/net/openswan/patches/120-use_dev_urandom.patch
new file mode 100644
index 0000000000..6bbcbf1647
--- /dev/null
+++ b/net/openswan/patches/120-use_dev_urandom.patch
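Review bot: The `sed -r 's/(^.*\/)(.*$)/\1/'` replacement for `dirname` is not equivalent when the path has no slash: `dirname` yields `.`, whereas the sed expression leaves the file name unchanged, so `test -w` and `test -d` then check the file itself rather than its directory. `$stderrlog` and `$subsyslock` are also expanded unquoted inside the backticks, so a configured path containing whitespace is word-split. If `dirname` is unavailable on the target, a parameter expansion with a fallback is closer, e.g. `d=${stderrlog%/*}; [ "$d" = "$stderrlog" ] && d=.`. Separately, the new `loggerfix` appends to /dev/null, so anything routed through it is discarded; its comment should say which log destination a deployment is expected to substitute. Both edited lines sit in scripts whose bodies continue outside these hunks.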
@@ -0,0 +1,39 @@
+Index: openswan-2.4.8/programs/ranbits/ranbits.c
+===================================================================
+--- openswan-2.4.8.orig/programs/ranbits/ranbits.c 2007-06-04 13:22:49.835279168 +0200
++++ openswan-2.4.8/programs/ranbits/ranbits.c 2007-06-04 13:22:51.648003592 +0200
+@@ -29,7 +29,7 @@
+ #include
+
+ #ifndef DEVICE
+-#define DEVICE "/dev/random"
++#define DEVICE "/dev/urandom"
+ #endif
+ #ifndef QDEVICE
+ #define QDEVICE "/dev/urandom"
+Index: openswan-2.4.8/programs/rsasigkey/rsasigkey.c
+===================================================================
+--- openswan-2.4.8.orig/programs/rsasigkey/rsasigkey.c 2007-06-04 13:22:49.842278104 +0200
++++ openswan-2.4.8/programs/rsasigkey/rsasigkey.c 2007-06-04 13:22:51.649003440 +0200
+@@ -31,7 +31,7 @@
+ #include
+
+ #ifndef DEVICE
+-#define DEVICE "/dev/random"
++#define DEVICE "/dev/urandom"
+ #endif
+ #ifndef MAXBITS
+ #define MAXBITS 20000
+Index: openswan-2.4.8/programs/starter/files.h
+===================================================================
+--- openswan-2.4.8.orig/programs/starter/files.h 2007-06-04 13:22:49.850276888 +0200
++++ openswan-2.4.8/programs/starter/files.h 2007-06-04 13:22:51.649003440 +0200
+@@ -36,7 +36,7 @@
+
+ #define MY_PID_FILE "/var/run/pluto/ipsec-starter.pid"
+
+-#define DEV_RANDOM "/dev/random"
++#define DEV_RANDOM "/dev/urandom"
+ #define DEV_URANDOM "/dev/urandom"
+
+ #define PROC_IPSECVERSION "/proc/net/ipsec_version"
diff --git a/net/shfs/Makefile b/net/shfs/Makefile
new file mode 100644
index 0000000000..fd507217aa
--- /dev/null
+++ b/net/shfs/Makefile
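Review bot: Redirecting `DEVICE` in rsasigkey.c to `/dev/urandom` removes the only point where RSA key generation would wait for entropy. On a router that generates its key shortly after first boot the pool may not be seeded yet, and on kernels of this era `/dev/urandom` returns output regardless, so keys can end up predictable or shared between devices. The files.h change also makes `DEV_RANDOM` and `DEV_URANDOM` the same path, so any caller that asks for the blocking device silently gets the non-blocking one. I would keep `/dev/random` for rsasigkey and limit the switch to ranbits.c, or at least record the trade-off above the define: `/* OpenWrt: non-blocking to avoid boot stalls; generate keys only after the entropy pool has been seeded */`.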
@@ -0,0 +1,89 @@ +# +# Copyright (C) 2006 OpenWrt.org +# +# This is free software, licensed under the GNU General Public License v2. +# See /LICENSE for more information. +# +# $Id$ + +include $(TOPDIR)/rules.mk +include $(INCLUDE_DIR)/kernel.mk + +PKG_NAME:=shfs +PKG_VERSION:=0.35 +PKG_RELEASE:=2 + +PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz +PKG_SOURCE_URL:=@SF/shfs +PKG_MD5SUM:=016f49d71bc32eee2b5d11fc1600cfbe + +include $(INCLUDE_DIR)/package.mk + +define Package/shfs/Default + TITLE:=ShFS + URL:=http://shfs.sourceforge.net/ +endef + +define Package/shfs/Default/description + ShFS is a simple and easy to use Linux kernel module which allows you to + mount remote filesystems using a plain shell (SSH) connection. When using + ShFS, you can access all remote files just like the local ones, only the + access is governed through the transport security of SSH. +endef + +define KernelPackage/shfs +$(call Package/shfs/Default) + TITLE+= (kernel module) + DEPENDS:=@LINUX_2_4 + FILES:=$(PKG_INSTALL_DIR)/lib/modules/$(LINUX_VERSION)/kernel/fs/shfs/shfs.$(LINUX_KMOD_SUFFIX) + SUBMENU:=Filesystems + AUTOLOAD:=$(call AutoLoad,40,shfs) +endef + +define KernelPackage/shfs/description +$(call Package/shfs/Default/description) + This package contains the ShFS kernel module. +endef + +define Package/shfs-utils +$(call Package/shfs/Default) + SECTION:=utils + CATEGORY:=Utilities + DEPENDS+=+kmod-shfs + TITLE+= (utilities) +endef + +define Package/shfs-utils/description +$(call Package/shfs/Default/description) + This package contains the ShFS utilities. 
+endef + +define Build/Compile + $(MAKE) -C $(PKG_BUILD_DIR) \ + ARCH="$(LINUX_KARCH)" \ + CROSS_COMPILE="$(TARGET_CROSS)" \ + OFLAGS="$(TARGET_CFLAGS)" \ + CC="$(TARGET_CC)" \ + LINKER="$(TARGET_CC)" \ + KERNEL="$(LINUX_VERSION)" \ + KERNEL_SOURCES="$(LINUX_DIR)" \ + ROOT="$(PKG_INSTALL_DIR)" \ + module module-install + $(MAKE) -C $(PKG_BUILD_DIR) \ + OFLAGS="$(TARGET_CFLAGS)" \ + CC="$(TARGET_CC)" \ + LINKER="$(TARGET_CC)" \ + KERNEL_SOURCES="$(LINUX_DIR)" \ + ROOT="$(PKG_INSTALL_DIR)" \ + utils utils-install +endef + +define Package/shfs-utils/install + $(INSTALL_DIR) $(1)/usr/bin + $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/bin/shfs{,u}mount $(1)/usr/bin/ + $(INSTALL_DIR) $(1)/sbin + ln -sf /usr/bin/shfsmount $(1)/sbin/mount.shfs +endef + +$(eval $(call KernelPackage,shfs)) +$(eval $(call BuildPackage,shfs-utils)) diff --git a/net/shfs/patches/100-kmod_build.patch b/net/shfs/patches/100-kmod_build.patch new file mode 100644 index 0000000000..16f198c4f6 --- /dev/null +++ b/net/shfs/patches/100-kmod_build.patch 
@@ -0,0 +1,100 @@ +Index: shfs-0.35/shfs/Linux-2.4/Makefile +=================================================================== +--- shfs-0.35.orig/shfs/Linux-2.4/Makefile 2007-06-04 13:22:58.143016200 +0200 ++++ shfs-0.35/shfs/Linux-2.4/Makefile 2007-06-04 13:22:58.209006168 +0200 +@@ -1,3 +1,13 @@ ++# ++# the original Makefile was trashed and replaced by this one ++# The main reason is that loadable modules should be built with ++# the same compile flags the kernel was built with, so we'd better ++# let the kernel tree build the module for us, like that : ++# ++# make -C $(KERNEL_DIR) SUBDIRS="$(shell pwd)" modules ++# make -C $(KERNEL_DIR) SUBDIRS="$(shell pwd)" modules_install ++# ++ + ifndef KERNEL + KERNEL=$(shell uname -r) + endif +@@ -10,67 +20,29 @@ + KERNEL_SOURCES=${MODULESDIR}/build + endif + +-ifeq (${MODVERSIONS},detect) +- ifeq ($(shell test -e ${KERNEL_SOURCES}/include/linux/modversions.h; echo $$?),0) +- MODVERSIONS=yes +- endif +-endif +- +-ifeq (${MODVERSIONS},yes) +-MVER=-DMODVERSIONS -DEXPORT_SYMTAB +-endif +- +-LINVER=linux-${KERNEL} +- +-ALL_TARGETS := shfs.o +- +-SEARCHDIRS := -I- -I. 
-I${KERNEL_SOURCES}/include #-I/usr/src/linux/include/ ++all: all-y + +-CC := gcc +-CFLAGS = -O2 -fomit-frame-pointer -fno-strict-aliasing -pipe -Wall ${SEARCHDIRS} -DMODULE ${MVER} -D__KERNEL__ -DLINUX +-LINKER := ld +-LDFLAGS = -r +-LOADLIBES := ++O_TARGET := shfs.o + +-all: ${ALL_TARGETS} ++shfs-objs := dcache.o dir.o fcache.o file.o inode.o ioctl.o proc.o shell.o symlink.o + +-%.o: %.c $(wildcard *.h) +- ${CC} ${CFLAGS} -c $< -o $@ ++obj-y := $(shfs-objs) ++obj-m := $(O_TARGET) + +-shfs.o: dcache.o dir.o fcache.o file.o inode.o ioctl.o proc.o shell.o symlink.o +- ${LINKER} ${LDFLAGS} -o $@ ${filter-out %.a %.so, $^} ${LOADLIBES} +- +-tidy: +- ${RM} core dcache.o dir.o fcache.o file.o inode.o ioctl.o proc.o shell.o symlink.o +- +-clean: tidy patch-clean +- ${RM} shfs.o ++-include $(TOPDIR)/Rules.make + ++all-y: ++ make -C ${KERNEL_SOURCES} TOPDIR="${KERNEL_SOURCES}" SUBDIRS="$(shell pwd)" modules ++ + install: shfs.o + rm -f ${MODULESDIR}/kernel/fs/shfs/shfs.o + install -m644 -b -D shfs.o ${MODULESDIR}/kernel/fs/shfs/shfs.o +- if [ -x /sbin/depmod -a "${ROOT}" = "/" ]; then /sbin/depmod -aq; fi + + uninstall: + rm -rf ${MODULESDIR}/kernel/fs/shfs +- if [ -x /sbin/depmod -a "${ROOT}" = "/" ]; then /sbin/depmod -aq; fi + +-patch: +- rm -rf ${LINVER} ${LINVER}.orig; mkdir ${LINVER}; +- for i in Documentation fs/shfs include/linux; do \ +- mkdir -p ${LINVER}/$$i; \ +- done +- cp ${KERNEL_SOURCES}/Documentation/Configure.help ${LINVER}/Documentation +- cp ${KERNEL_SOURCES}/fs/{Makefile,Config.in} ${LINVER}/fs +- cp -r ${LINVER} ${LINVER}.orig +- cp ../../Changelog *.c shfs_debug.h proc.h ${LINVER}/fs/shfs/ +- cp shfs.h shfs_fs* ${LINVER}/include/linux/ +- (cd ${LINVER}; patch -p1 <../kernel-config.diff) +- find . 
-type f -name "*.orig" -print | xargs rm -f +- diff -urN ${LINVER}.orig ${LINVER} >${LINVER}.diff; true +- +-patch-clean: +- rm -rf ${LINVER} ${LINVER}.orig; +- rm -f ${LINVER}.diff +- +-.PHONY : all tidy clean install uninstall patch patch-clean ++clean: ++ rm -f core *.o *.a *.s ++ ++shfs.o: $(shfs-objs) ++ diff --git a/net/shfs/patches/101-shfs_0.35_2.6.18_dentry.patch b/net/shfs/patches/101-shfs_0.35_2.6.18_dentry.patch new file mode 100644 index 0000000000..e7754b037d --- /dev/null +++ b/net/shfs/patches/101-shfs_0.35_2.6.18_dentry.patch 
@@ -0,0 +1,166 @@ +Index: shfs-0.35/shfs/Linux-2.6/inode.c +=================================================================== +--- shfs-0.35.orig/shfs/Linux-2.6/inode.c 2007-06-04 13:22:58.091024104 +0200 ++++ shfs-0.35/shfs/Linux-2.6/inode.c 2007-06-04 13:22:58.397977440 +0200 +@@ -337,12 +337,21 @@ + return -EINVAL; + } + ++#ifdef NEW_VFS_DENTRY_API ++static int ++shfs_get_sb(struct file_system_type *fs_type, ++ int flags, const char *dev_name, void *data, struct vfsmount *mnt) ++{ ++ return get_sb_nodev(fs_type, flags, data, shfs_read_super, mnt); ++} ++#else + static struct super_block * + shfs_get_sb(struct file_system_type *fs_type, + int flags, const char *dev_name, void *data) + { + return get_sb_nodev(fs_type, flags, data, shfs_read_super); + } ++#endif + + static struct file_system_type sh_fs_type = { + .owner = THIS_MODULE, +Index: shfs-0.35/shfs/Linux-2.6/file.c +=================================================================== +--- shfs-0.35.orig/shfs/Linux-2.6/file.c 2007-06-04 13:22:58.096023344 +0200 ++++ shfs-0.35/shfs/Linux-2.6/file.c 2007-06-04 13:22:58.397977440 +0200 +@@ -199,7 +199,7 @@ + } + + static int +-shfs_file_flush(struct file *f) ++do_file_flush(struct file *f) + { + struct dentry *dentry = f->f_dentry; + struct shfs_sb_info *info = info_from_dentry(dentry); +@@ -222,6 +222,16 @@ + } + + static int ++#ifdef FLUSH_HAS_LOCK_OWNER ++shfs_file_flush(struct file *f, fl_owner_t id) ++#else ++shfs_file_flush(struct file *f) ++#endif ++{ ++ return do_file_flush(f); ++} ++ ++static int + shfs_file_release(struct inode *inode, struct file *f) + { + struct dentry *dentry = f->f_dentry; +@@ -311,7 +321,7 @@ + DEBUG("\n"); + written = generic_file_write(f, buf, count, offset); + if (written > 0) { +- result = shfs_file_flush(f); ++ result = do_file_flush(f); + written = result < 0 ? 
result: written; + } + +Index: shfs-0.35/shfs/Linux-2.6/proc.c +=================================================================== +--- shfs-0.35.orig/shfs/Linux-2.6/proc.c 2007-06-04 13:22:58.102022432 +0200 ++++ shfs-0.35/shfs/Linux-2.6/proc.c 2007-06-04 13:22:58.398977288 +0200 +@@ -570,6 +570,16 @@ + return result; + } + ++#ifdef NEW_VFS_DENTRY_API ++int ++shfs_statfs(struct dentry *dentry, struct kstatfs *attr) ++{ ++ struct shfs_sb_info *info = info_from_sb(dentry->d_sb); ++ ++ DEBUG("\n"); ++ return info->fops.statfs(info, attr); ++} ++#else + int + shfs_statfs(struct super_block *sb, struct kstatfs *attr) + { +@@ -578,4 +588,5 @@ + DEBUG("\n"); + return info->fops.statfs(info, attr); + } ++#endif + +Index: shfs-0.35/shfs/Linux-2.6/shfs_fs.h +=================================================================== +--- shfs-0.35.orig/shfs/Linux-2.6/shfs_fs.h 2007-06-04 13:22:58.107021672 +0200 ++++ shfs-0.35/shfs/Linux-2.6/shfs_fs.h 2007-06-04 13:22:58.398977288 +0200 +@@ -9,6 +9,12 @@ + + #include + #include ++#include ++ ++#if LINUX_VERSION_CODE > KERNEL_VERSION(2,6,17) ++#define NEW_VFS_DENTRY_API ++#define FLUSH_HAS_LOCK_OWNER ++#endif + + #define SHFS_MAX_AGE(info) (((info)->ttl * HZ) / 1000) + #define SOCKBUF_SIZE (SHFS_PATH_MAX * 10) +@@ -101,7 +107,12 @@ + void set_garbage(struct shfs_sb_info *info, int write, int count); + int get_name(struct dentry *d, char *name); + int shfs_notify_change(struct dentry *dentry, struct iattr *attr); ++ ++#ifdef NEW_VFS_DENTRY_API ++int shfs_statfs(struct dentry *dentry, struct kstatfs *attr); ++#else + int shfs_statfs(struct super_block *sb, struct kstatfs *attr); ++#endif + + /* shfs/inode.c */ + void shfs_set_inode_attr(struct inode *inode, struct shfs_fattr *fattr); +Index: shfs-0.35/shfs/Linux-2.6/symlink.c +=================================================================== +--- shfs-0.35.orig/shfs/Linux-2.6/symlink.c 2007-06-04 13:22:58.113020760 +0200 ++++ shfs-0.35/shfs/Linux-2.6/symlink.c 2007-06-04 
13:22:58.398977288 +0200 +@@ -41,7 +41,7 @@ + return result; + } + +-static int ++static void * + shfs_follow_link(struct dentry *dentry, struct nameidata *nd) + { + struct shfs_sb_info *info = info_from_dentry(dentry); +@@ -61,7 +61,7 @@ + DEBUG("%s\n", real_name); + result = vfs_follow_link(nd, real_name); + error: +- return result; ++ return NULL; + } + + struct inode_operations shfs_symlink_inode_operations = { +Index: shfs-0.35/shfs/Linux-2.6/dcache.c +=================================================================== +--- shfs-0.35.orig/shfs/Linux-2.6/dcache.c 2007-06-04 13:22:58.121019544 +0200 ++++ shfs-0.35/shfs/Linux-2.6/dcache.c 2007-06-04 13:22:58.398977288 +0200 +@@ -68,7 +68,7 @@ + spin_lock(&dcache_lock); + next = parent->d_subdirs.next; + while (next != &parent->d_subdirs) { +- dentry = list_entry(next, struct dentry, d_child); ++ dentry = list_entry(next, struct dentry, d_u.d_child); + dentry->d_fsdata = NULL; + shfs_age_dentry(info, dentry); + next = next->next; +@@ -101,7 +101,7 @@ + spin_lock(&dcache_lock); + next = parent->d_subdirs.next; + while (next != &parent->d_subdirs) { +- dent = list_entry(next, struct dentry, d_child); ++ dent = list_entry(next, struct dentry, d_u.d_child); + if ((unsigned long)dent->d_fsdata == fpos) { + if (dent->d_inode) + dget_locked(dent); diff --git a/net/shfs/patches/102-shfs_0.35_clean_inode_clear.patch b/net/shfs/patches/102-shfs_0.35_clean_inode_clear.patch new file mode 100644 index 0000000000..f12fc96509 --- /dev/null +++ b/net/shfs/patches/102-shfs_0.35_clean_inode_clear.patch 
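Review bot: `shfs_follow_link` now returns `NULL` unconditionally at the `error:` label, so the status held in `result` (including a failure from the `vfs_follow_link` call just above) is no longer reported to the VFS. Replacing it with `return ERR_PTR(result);` keeps the error and still yields NULL when `result` is 0. The change of the return type to `static void *` is also not wrapped in a version guard, unlike `shfs_get_sb` and `shfs_statfs` in the same patch, so it presumably no longer matches the `follow_link` prototype on older 2.6 kernels. The function body starts outside the hunk.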
@@ -0,0 +1,22 @@
+Index: shfs-0.35/shfs/Linux-2.6/inode.c
+===================================================================
+--- shfs-0.35.orig/shfs/Linux-2.6/inode.c 2007-06-04 13:22:58.397977440 +0200
++++ shfs-0.35/shfs/Linux-2.6/inode.c 2007-06-04 13:22:58.637940960 +0200
+@@ -8,6 +8,7 @@
+ #include
+ #endif
+
++#include
+ #include
+ #include
+ #include
+@@ -118,6 +119,9 @@
+ }
+ KMEM_FREE("inode", inode_cache, i);
+ out:
++#if (LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,13))
++ truncate_inode_pages(&inode->i_data, 0);
++#endif
+ clear_inode(inode);
+ }
+
diff --git a/net/shfs/patches/103-shfs_0.35_gcc4.patch b/net/shfs/patches/103-shfs_0.35_gcc4.patch
new file mode 100644
index 0000000000..e4c13882c4
--- /dev/null
+++ b/net/shfs/patches/103-shfs_0.35_gcc4.patch
@@ -0,0 +1,25 @@
+Index: shfs-0.35/shfs/Linux-2.6/dir.c
+===================================================================
+--- shfs-0.35.orig/shfs/Linux-2.6/dir.c 2007-06-04 13:22:58.041031704 +0200
++++ shfs-0.35/shfs/Linux-2.6/dir.c 2007-06-04 13:22:58.822912840 +0200
+@@ -19,6 +19,8 @@
+ #include "shfs_debug.h"
+ #include "proc.h"
+
++static struct dentry_operations shfs_dentry_operations;
++
+ static int
+ shfs_dir_open(struct inode *inode, struct file *filp)
+ {
+Index: shfs-0.35/shfs/Linux-2.6/shfs_fs.h
+===================================================================
+--- shfs-0.35.orig/shfs/Linux-2.6/shfs_fs.h 2007-06-04 13:22:58.398977288 +0200
++++ shfs-0.35/shfs/Linux-2.6/shfs_fs.h 2007-06-04 13:22:58.823912688 +0200
+@@ -56,7 +56,6 @@
+ #define ROUND_TO_MINS(x) do { (x).tv_sec = ((x).tv_sec / 60) * 60; (x).tv_nsec = 0; } while (0)
+
+ /* shfs/dir.c */
+-extern struct dentry_operations shfs_dentry_operations;
+ extern struct file_operations shfs_dir_operations;
+ extern struct inode_operations shfs_dir_inode_operations;
+ extern void shfs_new_dentry(struct dentry *dentry);
diff --git a/net/shfs/patches/104-shfs_0.35_inode_and_fs.patch b/net/shfs/patches/104-shfs_0.35_inode_and_fs.patch
new file mode 100644
index 0000000000..0953e6b0aa
--- /dev/null
+++ b/net/shfs/patches/104-shfs_0.35_inode_and_fs.patch
@@ -0,0 +1,377 @@ +Index: shfs-0.35/shfs/Linux-2.6/fcache.c +=================================================================== +--- shfs-0.35.orig/shfs/Linux-2.6/fcache.c 2007-06-04 13:22:57.997038392 +0200 ++++ shfs-0.35/shfs/Linux-2.6/fcache.c 2007-06-04 13:22:59.019882896 +0200 +@@ -100,7 +100,11 @@ + VERBOSE("dir in file cache?\n"); + return -EINVAL; + } ++#if (LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,19)) ++ p = (struct shfs_inode_info *)inode->i_private; ++#else + p = (struct shfs_inode_info *)inode->u.generic_ip; ++#endif + if (!p) { + VERBOSE("inode without info\n"); + return -EINVAL; +@@ -127,7 +131,11 @@ + VERBOSE("dir in file cache?\n"); + return -EINVAL; + } ++#if (LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,19)) ++ p = (struct shfs_inode_info *)inode->i_private; ++#else + p = (struct shfs_inode_info *)inode->u.generic_ip; ++#endif + if (!p) { + VERBOSE("inode without info\n"); + return -EINVAL; +@@ -160,7 +168,11 @@ + if (result == 0) { + struct shfs_inode_info *p; + ++#if (LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,19)) ++ p = (struct shfs_inode_info *)f->f_dentry->d_inode->i_private; ++#else + p = (struct shfs_inode_info *)f->f_dentry->d_inode->u.generic_ip; ++#endif + if (!p) { + VERBOSE("inode without info\n"); + return -EINVAL; +@@ -184,7 +196,11 @@ + return -EINVAL; + } + DEBUG("ino: %lu\n", inode->i_ino); ++#if (LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,19)) ++ p = (struct shfs_inode_info *)inode->i_private; ++#else + p = (struct shfs_inode_info *)inode->u.generic_ip; ++#endif + if (!p) { + VERBOSE("inode without info\n"); + return -EINVAL; +@@ -226,7 +242,11 @@ + VERBOSE("dir in file cache?\n"); + return -EINVAL; + } ++#if (LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,19)) ++ p = (struct shfs_inode_info *)inode->i_private; ++#else + p = (struct shfs_inode_info *)inode->u.generic_ip; ++#endif + if (!p) { + VERBOSE("inode without info\n"); + return -EINVAL; +@@ -327,7 +347,11 @@ + VERBOSE("dir in file cache?\n"); + return -EINVAL; + } ++#if 
(LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,19)) ++ p = (struct shfs_inode_info *)inode->i_private; ++#else + p = (struct shfs_inode_info *)inode->u.generic_ip; ++#endif + if (!p) { + VERBOSE("inode without info\n"); + return -EINVAL; +Index: shfs-0.35/shfs/Linux-2.6/inode.c +=================================================================== +--- shfs-0.35.orig/shfs/Linux-2.6/inode.c 2007-06-04 13:22:58.637940960 +0200 ++++ shfs-0.35/shfs/Linux-2.6/inode.c 2007-06-04 13:22:59.020882744 +0200 +@@ -36,7 +36,11 @@ + shfs_set_inode_attr(struct inode *inode, struct shfs_fattr *fattr) + { + struct shfs_sb_info *info = info_from_inode(inode); ++#if (LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,19)) ++ struct shfs_inode_info *i = inode->i_private; ++#else + struct shfs_inode_info *i = inode->u.generic_ip; ++#endif + struct timespec last_time = inode->i_mtime; + loff_t last_size = inode->i_size; + +@@ -53,7 +57,9 @@ + inode->i_ctime = fattr->f_ctime; + inode->i_atime = fattr->f_atime; + inode->i_mtime = fattr->f_mtime; ++#ifdef STRUCT_INODE_HAS_I_BLKSIZE + inode->i_blksize= fattr->f_blksize; ++#endif + inode->i_blocks = fattr->f_blocks; + inode->i_size = fattr->f_size; + +@@ -76,7 +82,11 @@ + if (!inode) + return NULL; + inode->i_ino = fattr->f_ino; ++#if (LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,19)) ++ i = inode->i_private = (struct shfs_inode_info *)KMEM_ALLOC("inode", inode_cache, GFP_KERNEL); ++#else + i = inode->u.generic_ip = (struct shfs_inode_info *)KMEM_ALLOC("inode", inode_cache, GFP_KERNEL); ++#endif + if (!i) + return NULL; + i->cache = NULL; +@@ -108,7 +118,11 @@ + struct shfs_inode_info *i; + + DEBUG("ino: %lu\n", inode->i_ino); ++#if (LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,19)) ++ i = (struct shfs_inode_info *)inode->i_private; ++#else + i = (struct shfs_inode_info *)inode->u.generic_ip; ++#endif + if (!i) { + VERBOSE("invalid inode\n"); + goto out; +@@ -176,7 +190,11 @@ + { + struct shfs_sb_info *info = info_from_dentry(dentry); + struct inode *inode = 
dentry->d_inode; ++#if (LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,19)) ++ struct shfs_inode_info *i = (struct shfs_inode_info *)inode->i_private; ++#else + struct shfs_inode_info *i = (struct shfs_inode_info *)inode->u.generic_ip; ++#endif + int result; + + DEBUG("%s\n", dentry->d_name.name); +Index: shfs-0.35/shfs/Linux-2.6/dir.c +=================================================================== +--- shfs-0.35.orig/shfs/Linux-2.6/dir.c 2007-06-04 13:22:58.822912840 +0200 ++++ shfs-0.35/shfs/Linux-2.6/dir.c 2007-06-04 13:22:59.020882744 +0200 +@@ -302,8 +302,13 @@ + + shfs_invalid_dir_cache(dir); + result = shfs_instantiate(dentry); ++#if (LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,19)) ++ if (forced_write && dentry->d_inode && dentry->d_inode->i_private) ++ ((struct shfs_inode_info *)dentry->d_inode->i_private)->unset_write_on_close = 1; ++#else + if (forced_write && dentry->d_inode && dentry->d_inode->u.generic_ip) + ((struct shfs_inode_info *)dentry->d_inode->u.generic_ip)->unset_write_on_close = 1; ++#endif + return result; + } + +Index: shfs-0.35/shfs/Linux-2.6/file.c +=================================================================== +--- shfs-0.35.orig/shfs/Linux-2.6/file.c 2007-06-04 13:22:58.397977440 +0200 ++++ shfs-0.35/shfs/Linux-2.6/file.c 2007-06-04 13:22:59.020882744 +0200 +@@ -90,7 +90,11 @@ + struct dentry *dentry = f->f_dentry; + struct shfs_sb_info *info = info_from_dentry(dentry); + struct inode *inode = p->mapping->host; ++#if (LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,19)) ++ struct shfs_inode_info *i = (struct shfs_inode_info *)inode->i_private; ++#else + struct shfs_inode_info *i = (struct shfs_inode_info *)inode->u.generic_ip; ++#endif + char *buffer = kmap(p) + offset; + int written = 0, result; + unsigned count = to - offset; +@@ -252,8 +256,13 @@ + } + } + /* if file was forced to be writeable, change attrs back on close */ ++#if (LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,19)) ++ if (dentry->d_inode && dentry->d_inode->i_private) { ++ if 
(((struct shfs_inode_info *)dentry->d_inode->i_private)->unset_write_on_close) { ++#else + if (dentry->d_inode && dentry->d_inode->u.generic_ip) { + if (((struct shfs_inode_info *)dentry->d_inode->u.generic_ip)->unset_write_on_close) { ++#endif + char name[SHFS_PATH_MAX]; + + if (get_name(dentry, name) < 0) +@@ -302,7 +311,8 @@ + goto error; + } + if (result != 0) { +- copy_to_user(buf, (char *)page, result); ++ if (copy_to_user(buf, (char *)page, result)) ++ goto error; + *ppos += result; + } + error: +@@ -315,11 +325,15 @@ + static ssize_t + shfs_slow_write(struct file *f, const char *buf, size_t count, loff_t *offset) + { +- int written = 0; ++ ssize_t written = 0; + int result; + + DEBUG("\n"); ++#if (LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,19)) ++ written = do_sync_write(f, buf, count, offset); ++#else + written = generic_file_write(f, buf, count, offset); ++#endif + if (written > 0) { + result = do_file_flush(f); + written = result < 0 ? result: written; +@@ -330,14 +344,23 @@ + + struct file_operations shfs_file_operations = { + .llseek = generic_file_llseek, ++#if (LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,19)) ++ .read = do_sync_read, ++ .write = do_sync_write, ++#else + .read = generic_file_read, + .write = generic_file_write, ++#endif + .ioctl = shfs_ioctl, + .mmap = generic_file_mmap, + .open = shfs_file_open, + .flush = shfs_file_flush, + .release = shfs_file_release, + .fsync = shfs_file_sync, ++#if (LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,19)) ++ .aio_read = generic_file_aio_read, ++ .aio_write = generic_file_aio_write, ++#endif + }; + + struct file_operations shfs_slow_operations = { +Index: shfs-0.35/shfs/Linux-2.6/proc.c +=================================================================== +--- shfs-0.35.orig/shfs/Linux-2.6/proc.c 2007-06-04 13:22:58.398977288 +0200 ++++ shfs-0.35/shfs/Linux-2.6/proc.c 2007-06-04 13:22:59.021882592 +0200 +@@ -149,7 +149,12 @@ + { + struct file *f = info->sock; + mm_segment_t fs; ++#if (LINUX_VERSION_CODE >= 
KERNEL_VERSION(2,6,19)) ++ ssize_t result = 0; ++ loff_t begin; ++#else + int c, result = 0; ++#endif + unsigned long flags, sigpipe; + sigset_t old_set; + +@@ -161,7 +166,9 @@ + return result; + } + ++#if (LINUX_VERSION_CODE < KERNEL_VERSION(2,6,19)) + c = count; ++#endif + + fs = get_fs(); + set_fs(get_ds()); +@@ -173,6 +180,16 @@ + SIGRECALC; + SIGUNLOCK(flags); + ++#if (LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,19)) ++ begin = f->f_pos; ++ result = do_sync_write(f, buffer, count, &f->f_pos); ++ ++ if (result < 0) { ++ DEBUG("error: %d\n", result); ++ fput(f); ++ info->sock = NULL; ++ } ++#else + do { + struct iovec vec[1]; + +@@ -190,6 +207,7 @@ + buffer += result; + c -= result; + } while (c > 0); ++#endif + + SIGLOCK(flags); + if (result == -EPIPE && !sigpipe) { +@@ -204,7 +222,11 @@ + + DEBUG(">%d\n", result); + if (result < 0) ++#if (LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,19)) ++ set_garbage(info, 1, count - (f->f_pos - begin)); ++#else + set_garbage(info, 1, c); ++#endif + else + result = count; + return result; +@@ -222,6 +244,9 @@ + int c, result = 0; + unsigned long flags, sigpipe; + sigset_t old_set; ++#if (LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,19)) ++ loff_t begin; ++#endif + + if (!f) + return -EIO; +@@ -256,6 +281,20 @@ + fs = get_fs(); + set_fs(get_ds()); + ++#if (LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,19)) ++ begin = f->f_pos; ++ result = do_sync_read(f, buffer, c, &f->f_pos); ++ ++ if (!result) { ++ /* peer has closed socket */ ++ result = -EIO; ++ } ++ if (result < 0) { ++ DEBUG("error: %d\n", result); ++ fput(f); ++ info->sock = NULL; ++ } ++#else + do { + struct iovec vec[1]; + +@@ -277,6 +316,7 @@ + buffer += result; + c -= result; + } while (c > 0); ++#endif + + SIGLOCK(flags); + if (result == -EPIPE && !sigpipe) { +@@ -291,7 +331,11 @@ + + DEBUG("<%d\n", result); + if (result < 0) ++#if (LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,19)) ++ set_garbage(info, 0, count - (f->f_pos - begin)); ++#else + set_garbage(info, 0, c); ++#endif + else 
+ result = count; + return result; +@@ -316,8 +360,10 @@ + return result; + } + while (1) { ++#if (LINUX_VERSION_CODE < KERNEL_VERSION(2,6,19)) + struct iovec vec[1]; + ++#endif + nl = memchr(BUFFER, '\n', LEN); + if (nl) { + *nl = '\0'; +@@ -348,9 +394,13 @@ + fs = get_fs(); + set_fs(get_ds()); + ++#if (LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,19)) ++ result = do_sync_read(f, BUFFER+LEN, c, &f->f_pos); ++#else + vec[0].iov_base = BUFFER+LEN; + vec[0].iov_len = c; + result = f->f_op->readv(f, (const struct iovec *)&vec, 1, &f->f_pos); ++#endif + SIGLOCK(flags); + if (result == -EPIPE && !sigpipe) { + sigdelset(¤t->pending.signal, SIGPIPE); diff --git a/net/shfs/patches/105-space_chars.patch b/net/shfs/patches/105-space_chars.patch new file mode 100644 index 0000000000..03ad8328c6 --- /dev/null +++ b/net/shfs/patches/105-space_chars.patch 
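Review bot: In the 2.6.19+ branches added to proc.c, the error path calls `fput(f)` and clears `info->sock`, but the later `set_garbage(info, 1, count - (f->f_pos - begin));` (and the matching read-side call with `0`) still dereferences `f`. If that `fput` drops the last reference, this reads a freed `struct file`. Capturing the transferred length before the release avoids it: add `done = f->f_pos - begin;` right after the `do_sync_write`/`do_sync_read` call and pass `count - done` to `set_garbage`. The same branches also replace the retry loop with a single call and then set `result = count` on any non-negative return, so a short transfer appears to be reported as complete. The enclosing functions start and end outside these hunks.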
@@ -0,0 +1,70 @@
+Index: shfs-0.35/shfs/Linux-2.4/shell.c
+===================================================================
+--- shfs-0.35.orig/shfs/Linux-2.4/shell.c 2007-06-04 13:22:57.970042496 +0200
++++ shfs-0.35/shfs/Linux-2.4/shell.c 2007-06-04 13:22:59.249847936 +0200
+@@ -213,6 +213,7 @@
+ int c = 0;
+ int is_space = 1;
+ int device = 0;
++ char *start = s;
+
+ while (*s) {
+ if (c == DIR_COLS)
+@@ -227,17 +228,20 @@
+ s++;
+ }
+ *s = '\0';
++ start = s+1;
+ is_space = 1;
++ } else {
++ if (c != DIR_NAME)
++ start = s+1;
+ }
+ } else {
+ if (is_space) {
+ /* (b)lock/(c)haracter device hack */
+- col[c++] = s;
++ col[c++] = start;
+ is_space = 0;
+ if ((c-1 == DIR_PERM) && ((*s == 'b')||(*s == 'c'))) {
+ device = 1;
+ }
+-
+ }
+ }
+ s++;
+Index: shfs-0.35/shfs/Linux-2.6/shell.c
+===================================================================
+--- shfs-0.35.orig/shfs/Linux-2.6/shell.c 2007-06-04 13:22:57.977041432 +0200
++++ shfs-0.35/shfs/Linux-2.6/shell.c 2007-06-04 13:22:59.249847936 +0200
+@@ -225,6 +225,7 @@
+ int c = 0;
+ int is_space = 1;
+ int device = 0;
++ char *start = s;
+
+ while (*s) {
+ if (c == DIR_COLS)
+@@ -239,17 +240,20 @@
+ s++;
+ }
+ *s = '\0';
++ start = s+1;
+ is_space = 1;
++ } else {
++ if (c != DIR_NAME)
++ start = s+1;
+ }
+ } else {
+ if (is_space) {
+ /* (b)lock/(c)haracter device hack */
+- col[c++] = s;
++ col[c++] = start;
+ is_space = 0;
+ if ((c-1 == DIR_PERM) && ((*s == 'b')||(*s == 'c'))) {
+ device = 1;
+ }
+-
+ }
+ }
+ s++;
diff --git a/net/shfs/patches/106-uidgid32.patch b/net/shfs/patches/106-uidgid32.patch
new file mode 100644
index 0000000000..60510a28d3
--- /dev/null
+++ b/net/shfs/patches/106-uidgid32.patch
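Review bot: The new `start` pointer in both shell.c hunks carries the whole fix but is undocumented, and it now sits next to a device check that still tests `*s` rather than `*start`. From the visible lines, `start` is reset to `s+1` after each terminated column and keeps advancing over further spaces unless `c == DIR_NAME`, so only the name column keeps its leading spaces; for the other columns `start` and `s` appear to coincide when `col[c++] = start;` runs. I would add above the declaration `/* start of the pending column; not advanced over extra spaces when the name column is next, so leading spaces in a file name are kept */`. The loop begins and ends outside the hunk, so whether `s+1` can step past the end of the line being split (presumably a listing line received from the remote side) cannot be confirmed from here.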
@@ -0,0 +1,38 @@
+Index: shfs-0.35/shfs/Linux-2.4/shfs_fs_sb.h
+===================================================================
+--- shfs-0.35.orig/shfs/Linux-2.4/shfs_fs_sb.h 2007-06-04 13:22:57.941046904 +0200
++++ shfs-0.35/shfs/Linux-2.4/shfs_fs_sb.h 2007-06-04 13:22:59.448817688 +0200
+@@ -38,10 +38,10 @@
+ struct shfs_fileops fops;
+ int version;
+ int ttl;
+- __kernel_uid_t uid;
+- __kernel_gid_t gid;
+- __kernel_mode_t root_mode;
+- __kernel_mode_t fmask;
++ uid_t uid;
++ gid_t gid;
++ mode_t root_mode;
++ mode_t fmask;
+ char mount_point[SHFS_PATH_MAX];
+ struct semaphore sock_sem; /* next 4 vars are guarded */
+ struct file *sock;
+Index: shfs-0.35/shfs/Linux-2.6/shfs_fs_sb.h
+===================================================================
+--- shfs-0.35.orig/shfs/Linux-2.6/shfs_fs_sb.h 2007-06-04 13:22:57.949045688 +0200
++++ shfs-0.35/shfs/Linux-2.6/shfs_fs_sb.h 2007-06-04 13:22:59.449817536 +0200
+@@ -38,10 +38,10 @@
+ struct shfs_fileops fops;
+ int version;
+ int ttl;
+- __kernel_uid_t uid;
+- __kernel_gid_t gid;
+- __kernel_mode_t root_mode;
+- __kernel_mode_t fmask;
++ uid_t uid;
++ gid_t gid;
++ mode_t root_mode;
++ mode_t fmask;
+ char mount_point[SHFS_PATH_MAX];
+ struct semaphore sock_sem; /* next 4 vars are guarded */
+ struct file *sock;
diff --git a/net/shfs/patches/107-df.patch b/net/shfs/patches/107-df.patch
new file mode 100644
index 0000000000..ca2c9d079a
--- /dev/null
+++ b/net/shfs/patches/107-df.patch
@@ -0,0 +1,38 @@
+Index: shfs-0.35/shfs/Linux-2.4/shell.c
+===================================================================
+--- shfs-0.35.orig/shfs/Linux-2.4/shell.c 2007-06-04 13:22:59.249847936 +0200
++++ shfs-0.35/shfs/Linux-2.4/shell.c 2007-06-04 13:22:59.643788048 +0200
+@@ -961,11 +961,11 @@
+
+ s = info->sockbuf;
+ if ((p = strsep(&s, " ")))
+- attr->f_blocks = simple_strtoull(p, NULL, 10);
++ attr->f_blocks = simple_strtoull(p, NULL, 10) >> 2;
+ if ((p = strsep(&s, " ")))
+- attr->f_bfree = attr->f_blocks - simple_strtoull(p, NULL, 10);
++ attr->f_bfree = attr->f_blocks - (simple_strtoull(p, NULL, 10) >> 2);
+ if ((p = strsep(&s, " ")))
+- attr->f_bavail = simple_strtoull(p, NULL, 10);
++ attr->f_bavail = simple_strtoull(p, NULL, 10) >> 2;
+
+ result = sock_readln(info, info->sockbuf, SOCKBUF_SIZE);
+ if (result < 0)
+Index: shfs-0.35/shfs/Linux-2.6/shell.c
+===================================================================
+--- shfs-0.35.orig/shfs/Linux-2.6/shell.c 2007-06-04 13:22:59.249847936 +0200
++++ shfs-0.35/shfs/Linux-2.6/shell.c 2007-06-04 13:22:59.643788048 +0200
+@@ -974,11 +974,11 @@
+
+ s = info->sockbuf;
+ if ((p = strsep(&s, " ")))
+- attr->f_blocks = simple_strtoull(p, NULL, 10);
++ attr->f_blocks = simple_strtoull(p, NULL, 10) >> 2;
+ if ((p = strsep(&s, " ")))
+- attr->f_bfree = attr->f_blocks - simple_strtoull(p, NULL, 10);
++ attr->f_bfree = attr->f_blocks - (simple_strtoull(p, NULL, 10) >> 2);
+ if ((p = strsep(&s, " ")))
+- attr->f_bavail = simple_strtoull(p, NULL, 10);
++ attr->f_bavail = simple_strtoull(p, NULL, 10) >> 2;
+
+ result = sock_readln(info, info->sockbuf, SOCKBUF_SIZE);
+ if (result < 0)
diff --git a/net/shfs/patches/108-no_update_mtab.patch b/net/shfs/patches/108-no_update_mtab.patch
new file mode 100644
index 0000000000..9b4a9aeeb0
--- /dev/null
+++ b/net/shfs/patches/108-no_update_mtab.patch
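Review bot: `attr->f_bfree = attr->f_blocks - (simple_strtoull(p, NULL, 10) >> 2);` subtracts a number parsed from `info->sockbuf` without checking that it does not exceed `f_blocks`, so a reply reporting more used than total blocks wraps to a huge free count if these fields are unsigned; the same line appears in the Linux-2.4 and Linux-2.6 hunks. I would clamp it, `used = simple_strtoull(p, NULL, 10) >> 2;` followed by `attr->f_bfree = used > attr->f_blocks ? 0 : attr->f_blocks - used;`. The `>> 2` itself is an unexplained unit conversion, presumably from 1K units in the reply to a 4K block size, and deserves a comment such as `/* reply is in 1K units, f_bsize is 4K */` once that is confirmed against where `f_bsize` is set. The enclosing function starts and ends outside the hunk.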
@@ -0,0 +1,28 @@
+Index: shfs-0.35/shfsmount/shfsmount.c
+===================================================================
+--- shfs-0.35.orig/shfsmount/shfsmount.c 2007-06-04 13:22:57.883055720 +0200
++++ shfs-0.35/shfsmount/shfsmount.c 2007-06-04 13:22:59.838758408 +0200
+@@ -74,7 +74,7 @@
+ static int have_uid = 0;
+
+ /* do not update /etc/mtab */
+-static int nomtab = 0;
++static int nomtab = 1;
+
+ /* preserve owner of files */
+ static int preserve = 0;
+Index: shfs-0.35/shfsmount/shfsumount.c
+===================================================================
+--- shfs-0.35.orig/shfsmount/shfsumount.c 2007-06-04 13:22:57.890054656 +0200
++++ shfs-0.35/shfsmount/shfsumount.c 2007-06-04 13:22:59.838758408 +0200
+@@ -67,10 +67,6 @@
+ FILE *new_mtab;
+ struct mntent *ment;
+
+- if ((fd = open(MOUNTED"~", O_RDWR|O_CREAT|O_EXCL, 0600)) == -1) {
+- fprintf(stderr, "Can't get "MOUNTED"~ lock file");
+- return 0;
+- }
+ close(fd);
+ if ((mtab = setmntent(MOUNTED, "r")) == NULL) {
+ fprintf(stderr, "Can't open " MOUNTED ": %s\n", strerror(errno));
diff --git a/net/shfs/patches/109-linux_2.6.22.patch b/net/shfs/patches/109-linux_2.6.22.patch
new file mode 100644
index 0000000000..c91e0526d0
--- /dev/null
+++ b/net/shfs/patches/109-linux_2.6.22.patch
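Review bot: In the shfsumount.c hunk the `open(MOUNTED"~", …)` block that assigned `fd` is removed but `close(fd);` is kept, so unless `fd` is initialised outside the hunk this closes an indeterminate descriptor. Removing the block also drops the `MOUNTED"~"` lock that serialised the mtab rewrite beginning at `setmntent(MOUNTED, "r")`, so two concurrent unmounts can race on that file. If mtab is meant to be left alone entirely, matching `nomtab = 1` in shfsmount.c, the cleaner change is to delete `close(fd);` as well and return before the rewrite; otherwise the lock should stay. The function body continues outside the hunk.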
@@ -0,0 +1,26 @@
+Index: shfs-0.35/shfs/Linux-2.6/dir.c
+===================================================================
+--- shfs-0.35.orig/shfs/Linux-2.6/dir.c 2007-06-17 04:08:32.449815896 +0200
++++ shfs-0.35/shfs/Linux-2.6/dir.c 2007-06-17 04:08:41.766399560 +0200
+@@ -13,6 +13,7 @@
+ #include
+ #include
+ #include
++#include
+
+ #include "shfs_fs.h"
+ #include "shfs_fs_i.h"
+Index: shfs-0.35/shfs/Linux-2.6/inode.c
+===================================================================
+--- shfs-0.35.orig/shfs/Linux-2.6/inode.c 2007-06-17 04:09:01.961329464 +0200
++++ shfs-0.35/shfs/Linux-2.6/inode.c 2007-06-17 04:13:08.501849608 +0200
+@@ -15,6 +15,9 @@
+ #include
+ #include
+ #include
++#include
++#include
++#include
+
+ #include "shfs_fs.h"
+ #include "shfs_fs_sb.h"
diff --git a/net/strongswan/Makefile b/net/strongswan/Makefile
new file mode 100644
index 0000000000..65a77bef5d
--- /dev/null
+++ b/net/strongswan/Makefile
@@ -0,0 +1,98 @@ +# +# Copyright (C) 2006 OpenWrt.org +# +# This is free software, licensed under the GNU General Public License v2. +# See /LICENSE for more information. +# +# $Id$ + +include $(TOPDIR)/rules.mk +include $(INCLUDE_DIR)/kernel.mk + +PKG_NAME:=strongswan +PKG_VERSION:=2.8.2 +PKG_RELEASE:=2 + +PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2 +PKG_SOURCE_URL:=http://download.strongswan.org/ +PKG_MD5SUM:=57427f5b48123851a73b10d78dd4f8d6 + +include $(INCLUDE_DIR)/package.mk + +define Package/strongswan/Default + TITLE:=strongSwan + DEPENDS:=@LINUX_2_4 + URL:=http://www.strongswan.org/ +endef + +define Package/strongswan/Default/description + strongSwan is an IPsec implementation for Linux. +endef + +define Package/strongswan +$(call Package/strongswan/Default) + SECTION:=net + CATEGORY:=Network + DEPENDS:=+kmod-strongswan +libgmp @LINUX_2_4 + TITLE+= (daemon) +endef + +define Package/strongswan/description +$(call Package/strongswan/Default/description) + This package contains the strongSwan user-land daemon. +endef + +define KernelPackage/strongswan +$(call Package/strongswan/Default) + SUBMENU:=Network Support + TITLE+= (kernel module) + DEPENDS:=@LINUX_2_4 + FILES:=$(PKG_BUILD_DIR)/linux/net/ipsec/ipsec.$(LINUX_KMOD_SUFFIX) + AUTOLOAD:=$(call AutoLoad,50,ipsec) +endef + +define KernelPackage/strongswan/description +$(call Package/strongswan/Default/description) + This package contains the strongSwan kernel module. 
+endef + +PKG_MAKE_OPTS:= \ + LINUX_RELEASE="$(LINUX_RELEASE)" \ + KERNELSRC="$(LINUX_DIR)" \ + ARCH="$(LINUX_KARCH)" \ + CROSS_COMPILE="$(TARGET_CROSS)" \ + USERCOMPILE="$(TARGET_CFLAGS) -I./linux/include $(TARGET_CPPFLAGS) $(TARGET_LDFLAGS)" \ + IPSECDIR="/usr/lib/ipsec" \ + INC_USRLOCAL="/usr" \ + +define Build/Compile + $(MAKE) -C $(PKG_BUILD_DIR) \ + $(TARGET_CONFIGURE_OPTS) \ + $(PKG_MAKE_OPTS) \ + LDFLAGS="$(TARGET_LDFLAGS)" \ + DESTDIR="$(PKG_INSTALL_DIR)" \ + programs module install +endef + +define Package/strongswan/install + $(CP) $(PKG_INSTALL_DIR)/* $(1) + $(INSTALL_DIR) $(1)/etc/init.d + $(INSTALL_DIR) $(1)/etc/config + $(INSTALL_DIR) $(1)/etc/cron.tick + $(INSTALL_DIR) $(1)/etc/hotplug.d/iface + $(INSTALL_DIR) $(1)/etc/hotplug.d/button + $(INSTALL_BIN) ./files/ipsec.init $(1)/etc/init.d/ipsec + $(INSTALL_BIN) ./files/ipsec.cron $(1)/etc/cron.tick/ipsec-wakeup + $(INSTALL_BIN) ./files/ipsec.iface $(1)/etc/hotplug.d/iface/65-ipsec + $(INSTALL_BIN) ./files/ipsec.button $(1)/etc/hotplug.d/button/65-ipsec + $(INSTALL_DATA) ./files/ipsec.config $(1)/etc/config/ipsec + $(INSTALL_DATA) ./files/ipsec.conf $(1)/etc/ipsec.conf + rm -rf $(1)/usr/share + rm -rf $(1)/usr/man + rm -rf $(1)/var + rm -rf $(1)/etc/rc.d + find $(1) -name \*.old | xargs rm -rf +endef + +$(eval $(call BuildPackage,strongswan)) +$(eval $(call KernelPackage,strongswan)) diff --git a/net/strongswan/files/ipsec.button b/net/strongswan/files/ipsec.button new file mode 100644 index 0000000000..9bd9023560 --- /dev/null +++ b/net/strongswan/files/ipsec.button 
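Review bot: The source tarball for an IPsec daemon is fetched from `PKG_SOURCE_URL:=http://download.strongswan.org/` over plain HTTP and checked only against `PKG_MD5SUM`, and MD5 is not collision-resistant, so the checksum is weak protection against a substituted download. If the build system in this tree accepts a stronger digest for package sources, it should be recorded here; failing that, a comment noting where the MD5 value was obtained would at least make it auditable. Separately, in `Package/strongswan/install`, `find $(1) -name \*.old | xargs rm -rf` splits on whitespace in file names, which `find $(1) -name \*.old -exec rm -rf {} \;` avoids.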
@@ -0,0 +1,34 @@
+#!/bin/sh
+
+# snarf the code that loads the config values
+# since we also load the functions, might as well save the shell calls
+. /etc/init.d/ipsec
+
+[ -n "$IPSEC_RESET_BUTTON" -a "$BUTTON" = "$IPSEC_RESET_BUTTON" ] || exit
+
+if [ ! -e /var/run/pluto.pid ] ; then
+
+ [ "$ACTION" = "pressed" ] && start
+
+else
+
+ if [ "$ACTION" = "pressed" ] ; then
+
+ stop
+
+ elif [ "$ACTION" = "released" ] ; then
+
+ while [ -e /var/run/pluto.pid ] ; do
+ sleep 1
+ done
+
+ while ps auxww | grep ipsec | grep -v grep ; do
+ sleep 1
+ done
+
+ start
+
+ fi
+
+fi
+
diff --git a/net/strongswan/files/ipsec.conf b/net/strongswan/files/ipsec.conf
new file mode 100644
index 0000000000..8f59008831
--- /dev/null
+++ b/net/strongswan/files/ipsec.conf
@@ -0,0 +1,34 @@
+
+version 2.0
+
+config setup
+ interfaces=%defaultroute
+ nat_traversal=yes # required on both ends
+ uniqueids=yes # makes sense on client, not server
+ hidetos=no
+
+conn %default
+ authby=rsasig
+ keyingtries=3
+ keyexchange=ike
+ left=%defaultroute
+ leftrsasigkey=%cert
+ rightrsasigkey=%cert
+ dpdtimeout=30 # keepalive must arrive within
+ dpddelay=5 # secs before keepalives start
+ compress=no # breaks double nat installations
+ pfs=yes
+
+conn sample
+ leftca=%same
+ leftcert=my.certificate.crt
+ leftsourceip=192.168.10.1
+ leftsubnet=192.168.10.0/24
+ right=my.vpn.concentrator.net.
+ rightca=%same
+ rightid="C=??, ST=??, O=??, OU=??, CN=my.vpn.concentrator.net, E=root@concentrator.net"
+ rightsourceip=192.168.11.1
+ rightsubnet=192.168.11.0/24
+ dpdaction=hold
+ auto=start
+
diff --git a/net/strongswan/files/ipsec.config b/net/strongswan/files/ipsec.config
new file mode 100644
index 0000000000..b4865e40b5
--- /dev/null
+++ b/net/strongswan/files/ipsec.config
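Review bot: Both wait loops in the `released` branch of ipsec.button are unbounded, so a pluto that never exits, or a stale `/var/run/pluto.pid`, blocks the button handler indefinitely. The second loop, `while ps auxww | grep ipsec | grep -v grep ; do`, also matches any process whose command line merely contains `ipsec` and prints the matching lines on every pass because the last `grep` lacks `-q`. I would bound the wait, for example `n=0; while [ -e /var/run/pluto.pid ] && [ $n -lt 30 ] ; do sleep 1; n=$((n+1)); done`, and extend the comment above `. /etc/init.d/ipsec` to say that sourcing it also runs that file's top-level `config_load ipsec` and exports.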
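Review bot: `conn sample` in ipsec.conf ships with `auto=start`, and the package Makefile installs this file as `/etc/ipsec.conf`, so a fresh install tries to bring up a tunnel to the placeholder peer `my.vpn.concentrator.net.` with the placeholder `rightid` as soon as the init script runs. A template connection is safer shipped as `auto=ignore` (or commented out) with a line above it such as `# example only: set right, rightid and leftcert, then change auto`.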
@@ -0,0 +1,21 @@
+
+# Configure button/light behavior here.
+config device
+ option reset_button ses
+ option status_start ses_orange
+ option status_valid ses_white
+
+# iptables setup for traffic to/from this host
+config filter
+ option rule_in input_rule
+ option dest_in ACCEPT
+ option rule_out output_rule
+ option dest_out ACCEPT
+
+# iptables setup for traffic to/from another host
+config forward
+ option rule_in forwarding_rule
+ option dest_in forwarding_vpn_in
+ option rule_out forwarding_rule
+ option dest_out forwarding_vpn_out
+
diff --git a/net/strongswan/files/ipsec.cron b/net/strongswan/files/ipsec.cron
new file mode 100644
index 0000000000..d8c7dccfa8
--- /dev/null
+++ b/net/strongswan/files/ipsec.cron
@@ -0,0 +1,2 @@
+#!/bin/sh
+/usr/sbin/ipsec wakeup
diff --git a/net/strongswan/files/ipsec.iface b/net/strongswan/files/ipsec.iface
new file mode 100644
index 0000000000..0716bf79bc
--- /dev/null
+++ b/net/strongswan/files/ipsec.iface
@@ -0,0 +1,8 @@
+NAME=ipsec
+CTLFILE="/var/run/pluto.ctl"
+
+[ "$ACTION" = "ifup" -a "$INTERFACE" = "wan" ] || exit
+
+[ -e "$CTLFILE" ] || exit
+
+/etc/init.d/ipsec update
diff --git a/net/strongswan/files/ipsec.init b/net/strongswan/files/ipsec.init
new file mode 100644
index 0000000000..4e8b8a2166
--- /dev/null
+++ b/net/strongswan/files/ipsec.init
@@ -0,0 +1,101 @@ +#!/bin/sh /etc/rc.common + +START=65 + +config_cb() { + local cfg="$CONFIG_SECTION" + local cfgt + config_get cfgt "$cfg" TYPE + + case "$cfgt" in + device) + config_get IPSEC_RESET_BUTTON $cfg reset_button + config_get IPSEC_STATUS_LED_START $cfg status_start + config_get IPSEC_STATUS_LED_VALID $cfg status_valid + ;; + filter) + config_get IPSEC_UPDOWN_RULE_IN $cfg rule_in + config_get IPSEC_UPDOWN_DEST_IN $cfg dest_in + config_get IPSEC_UPDOWN_RULE_OUT $cfg rule_out + config_get IPSEC_UPDOWN_DEST_OUT $cfg dest_out + ;; + forward) + config_get IPSEC_UPDOWN_FWD_RULE_IN $cfg rule_in + config_get IPSEC_UPDOWN_FWD_DEST_IN $cfg dest_in + config_get IPSEC_UPDOWN_FWD_RULE_OUT $cfg rule_out + config_get IPSEC_UPDOWN_FWD_DEST_OUT $cfg dest_out + ;; + *) + ;; + esac +} + +config_load ipsec + +export IPSEC_RESET_BUTTON +export IPSEC_STATUS_LED_START +export IPSEC_STATUS_LED_VALID + +export IPSEC_UPDOWN_RULE_IN +export IPSEC_UPDOWN_DEST_IN +export IPSEC_UPDOWN_RULE_OUT +export IPSEC_UPDOWN_DEST_OUT + +export IPSEC_UPDOWN_FWD_RULE_IN +export IPSEC_UPDOWN_FWD_DEST_IN +export IPSEC_UPDOWN_FWD_RULE_OUT +export IPSEC_UPDOWN_FWD_DEST_OUT + + +start() { + + [ -f /etc/ipsec.conf ] || exit + [ -e /var/run/starter.pid ] && exit + + /usr/sbin/ipsec _showstatus start + + # stuff the dnsmasq cache in case dns is on our own subnet + for peer in `grep left= /etc/ipsec.conf | \ + cut -f 1 -d% | cut -f 2 -d=` ; do + ping -c 1 $peer > /dev/null 2>&1 + done + + /usr/sbin/ipsec start || exit + + # work around broken routing behavior: + # a route to the local wan segment will appear + # the need was removed in the patched _updown script + + while ! 
route -n | grep -q ipsec ; do sleep 1 ; done + + defint=`route -n | awk '/^0.0.0.0/{print $8}'` + defnet=`route -n | grep $defint | awk '!/^0.0.0.0/{print $1}'` + dnmask=`route -n | grep $defint | awk '!/^0.0.0.0/{print $3}'` + tundev=`route -n | grep $defnet | awk '/ipsec/{print $8}'` + + route del -net $defnet netmask $dnmask dev $tundev +} + + +stop() { + + /usr/sbin/ipsec stop 2> /dev/null + + # wait until the shutdown actually happens + while [ -e /var/run/starter.pid ] ; do + if [ -d /proc/`cat /var/run/starter.pid` ] ; then + sleep 1 + else + rm /var/run/starter.pid + fi + done + + # kill any lingering processes + while ps auxww | grep -q ipsec | grep -v init.d; do + kill `ps auxww | grep -v init.d | awk '/\/ipsec\//{print $1}'` 2> /dev/null + sleep 1 + done + + ipsec _showstatus stop +} + diff --git a/net/strongswan/patches/100-ar-fixes.patch b/net/strongswan/patches/100-ar-fixes.patch new file mode 100644 index 0000000000..2e9d7800eb --- /dev/null +++ b/net/strongswan/patches/100-ar-fixes.patch 
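Review bot: In `stop()`, the condition `while ps auxww | grep -q ipsec | grep -v init.d; do` can never be true, because `grep -q` writes nothing and the final `grep -v` therefore exits non-zero, so the "kill any lingering processes" loop is dead code. Filtering first and testing last fixes it, `while ps auxww | grep -v init.d | grep -v grep | grep -q ipsec ; do`, and the `kill` inside should be checked too, since it takes `$1` of the `ps` output, which is the user column in procps format (the PID column of the ps on the target needs confirming). In `start()`, `while ! route -n | grep -q ipsec ; do sleep 1 ; done` has no timeout and stalls start-up if no ipsec route ever appears. The unquoted `$defint` and `$defnet` also make the following `grep` calls fail when a lookup returns nothing. I would bound that wait and skip the `route del` when any of the four derived values is empty.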
@@ -0,0 +1,81 @@ +Index: strongswan-2.8.2/lib/libcrypto/libaes/Makefile +=================================================================== +--- strongswan-2.8.2.orig/lib/libcrypto/libaes/Makefile 2007-06-04 13:23:04.777007680 +0200 ++++ strongswan-2.8.2/lib/libcrypto/libaes/Makefile 2007-06-04 13:23:04.873992936 +0200 +@@ -25,10 +25,8 @@ + + $(BLIB): $(LIBOBJ) + /bin/rm -f $(BLIB) +- ar cr $(BLIB) $(LIBOBJ) +- -if test -s /bin/ranlib; then /bin/ranlib $(BLIB); \ +- else if test -s /usr/bin/ranlib; then /usr/bin/ranlib $(BLIB); \ +- else exit 0; fi; fi ++ $(AR) cr $(BLIB) $(LIBOBJ) ++ $(RANLIB) $(BLIB) + + testx: test_main_mac.o $(BLIB) + $(CC) -o $@ $^ +Index: strongswan-2.8.2/lib/libcrypto/libblowfish/Makefile +=================================================================== +--- strongswan-2.8.2.orig/lib/libcrypto/libblowfish/Makefile 2007-06-04 13:23:04.783006768 +0200 ++++ strongswan-2.8.2/lib/libcrypto/libblowfish/Makefile 2007-06-04 13:23:04.873992936 +0200 +@@ -58,7 +58,7 @@ + lib: $(LIB) + + $(LIB): $(LIBOBJ) +- $(AR) $(LIB) $(LIBOBJ) ++ $(AR) -r $(LIB) $(LIBOBJ) + $(RANLIB) $(LIB) + + # elf +Index: strongswan-2.8.2/lib/libcrypto/libserpent/Makefile +=================================================================== +--- strongswan-2.8.2.orig/lib/libcrypto/libserpent/Makefile 2007-06-04 13:23:04.790005704 +0200 ++++ strongswan-2.8.2/lib/libcrypto/libserpent/Makefile 2007-06-04 13:23:04.873992936 +0200 +@@ -8,10 +8,8 @@ + + $(BLIB): $(LIBOBJ) + /bin/rm -f $(BLIB) +- ar cr $(BLIB) $(LIBOBJ) +- -if test -s /bin/ranlib; then /bin/ranlib $(BLIB); \ +- else if test -s /usr/bin/ranlib; then /usr/bin/ranlib $(BLIB); \ +- else exit 0; fi; fi ++ $(AR) cr $(BLIB) $(LIBOBJ) ++ $(RANLIB) $(BLIB) + + test: test_main.o $(BLIB) + $(CC) -o $@ $^ +Index: strongswan-2.8.2/lib/libcrypto/libsha2/Makefile +=================================================================== +--- strongswan-2.8.2.orig/lib/libcrypto/libsha2/Makefile 2007-06-04 13:23:04.796004792 +0200 ++++ 
strongswan-2.8.2/lib/libcrypto/libsha2/Makefile 2007-06-04 13:23:04.874992784 +0200 +@@ -9,10 +9,8 @@ + + $(BLIB): $(LIBOBJ) + /bin/rm -f $(BLIB) +- ar cr $(BLIB) $(LIBOBJ) +- -if test -s /bin/ranlib; then /bin/ranlib $(BLIB); \ +- else if test -s /usr/bin/ranlib; then /usr/bin/ranlib $(BLIB); \ +- else exit 0; fi; fi ++ $(AR) cr $(BLIB) $(LIBOBJ) ++ $(RANLIB) $(BLIB) + + test: test_main.o $(BLIB) + $(CC) -o $@ $^ +Index: strongswan-2.8.2/lib/libcrypto/libtwofish/Makefile +=================================================================== +--- strongswan-2.8.2.orig/lib/libcrypto/libtwofish/Makefile 2007-06-04 13:23:04.804003576 +0200 ++++ strongswan-2.8.2/lib/libcrypto/libtwofish/Makefile 2007-06-04 13:23:04.874992784 +0200 +@@ -9,10 +9,8 @@ + + $(BLIB): $(LIBOBJ) + /bin/rm -f $(BLIB) +- ar cr $(BLIB) $(LIBOBJ) +- -if test -s /bin/ranlib; then /bin/ranlib $(BLIB); \ +- else if test -s /usr/bin/ranlib; then /usr/bin/ranlib $(BLIB); \ +- else exit 0; fi; fi ++ $(AR) cr $(BLIB) $(LIBOBJ) ++ $(RANLIB) $(BLIB) + + test: test_main.o $(BLIB) + $(CC) -o $@ $^ diff --git a/net/strongswan/patches/110-make-ipsec.patch b/net/strongswan/patches/110-make-ipsec.patch new file mode 100644 index 0000000000..0d2a4e6fb1 --- /dev/null +++ b/net/strongswan/patches/110-make-ipsec.patch @@ -0,0 +1,11 @@ +Index: strongswan-2.8.2/programs/ipsec/Makefile +=================================================================== +--- strongswan-2.8.2.orig/programs/ipsec/Makefile 2007-06-04 13:23:04.756010872 +0200 ++++ strongswan-2.8.2/programs/ipsec/Makefile 2007-06-04 13:23:05.227939128 +0200 +@@ -24,5 +24,5 @@ + include ../Makefile.program + + install:: ipsec +- @$(INSTALL) $(INSTBINFLAGS) ipsec $(RCDIR)/ipsec ++ @$(INSTALL) $(INSTBINFLAGS) -D ipsec $(RCDIR)/ipsec + diff --git a/net/strongswan/patches/120-make-pluto.patch b/net/strongswan/patches/120-make-pluto.patch new file mode 100644 index 0000000000..e0dd813bb7 --- /dev/null +++ b/net/strongswan/patches/120-make-pluto.patch 
@@ -0,0 +1,13 @@ +Index: strongswan-2.8.2/programs/pluto/alg/Makefile +=================================================================== +--- strongswan-2.8.2.orig/programs/pluto/alg/Makefile 2007-06-04 13:23:04.734014216 +0200 ++++ strongswan-2.8.2/programs/pluto/alg/Makefile 2007-06-04 13:23:05.416910400 +0200 +@@ -20,7 +20,7 @@ + include Config.ike_alg + + LIBCRYPTO:=../../../lib/libcrypto +-ALLFLAGS=$(CPPFLAGS) $(CFLAGS) -I .. -I- -I ../../../linux/include -I $(LIBCRYPTO) ++ALLFLAGS=$(CPPFLAGS) $(CFLAGS) -I .. -I- -I ../../../linux/include -I $(LIBCRYPTO) $(USERCOMPILE) + LIBALG := libalg.o + + all : $(LIBALG) diff --git a/net/strongswan/patches/130-make-starter.patch b/net/strongswan/patches/130-make-starter.patch new file mode 100644 index 0000000000..93888ab6b6 --- /dev/null +++ b/net/strongswan/patches/130-make-starter.patch @@ -0,0 +1,21 @@ +Index: strongswan-2.8.2/programs/starter/Makefile +=================================================================== +--- strongswan-2.8.2.orig/programs/starter/Makefile 2007-06-04 13:23:04.711017712 +0200 ++++ strongswan-2.8.2/programs/starter/Makefile 2007-06-04 13:23:06.227787128 +0200 +@@ -16,7 +16,6 @@ + FREESWANSRCDIR?=$(shell cd ../..; pwd) + include ${FREESWANSRCDIR}/Makefile.inc + +-LD=$(CC) + RM=rm + LEX=flex + BISON=bison +@@ -59,7 +58,7 @@ + all: starter + + starter: $(OBJS) $(FREESWANLIB) +- $(LD) $(LDFLAGS) -o starter $(OBJS) $(LIBS) ++ $(CC) $(LDFLAGS) -o starter $(OBJS) $(LIBS) + + lex.yy.c: parser.tab.c parser.l parser.y parser.h + $(LEX) parser.l diff --git a/net/strongswan/patches/200-wakeup-showstatus.patch b/net/strongswan/patches/200-wakeup-showstatus.patch new file mode 100644 index 0000000000..731f83c2e0 --- /dev/null +++ b/net/strongswan/patches/200-wakeup-showstatus.patch 
@@ -0,0 +1,234 @@ +Index: strongswan-2.8.2/programs/Makefile +=================================================================== +--- strongswan-2.8.2.orig/programs/Makefile 2007-06-04 13:23:04.661025312 +0200 ++++ strongswan-2.8.2/programs/Makefile 2007-06-04 13:23:06.414758704 +0200 +@@ -22,7 +22,7 @@ + SUBDIRS+=_realsetup _secretcensor _startklips _updown _updown_espmark + SUBDIRS+=auto barf ipsec look manual ranbits secrets starter + SUBDIRS+=rsasigkey send-pr setup showdefaults showhostkey calcgoo mailkey +-SUBDIRS+=ikeping examples openac scepclient ++SUBDIRS+=ikeping examples openac scepclient _showstatus wakeup + + ifeq ($(USE_LWRES),true) + SUBDIRS+=lwdnsq +Index: strongswan-2.8.2/programs/_showstatus/Makefile +=================================================================== +--- /dev/null 1970-01-01 00:00:00.000000000 +0000 ++++ strongswan-2.8.2/programs/_showstatus/Makefile 2007-06-04 13:23:06.414758704 +0200 +@@ -0,0 +1,22 @@ ++# Makefile for miscelaneous programs ++# Copyright (C) 2002 Michael Richardson ++# ++# This program is free software; you can redistribute it and/or modify it ++# under the terms of the GNU General Public License as published by the ++# Free Software Foundation; either version 2 of the License, or (at your ++# option) any later version. See . ++# ++# This program is distributed in the hope that it will be useful, but ++# WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY ++# or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License ++# for more details. ++# ++# RCSID $Id: Makefile,v 1.3 2006/04/17 06:48:49 as Exp $ ++ ++FREESWANSRCDIR=../.. 
++include ${FREESWANSRCDIR}/Makefile.inc ++ ++PROGRAM=_showstatus ++PROGRAMDIR=${LIBDIR} ++ ++include ../Makefile.program +Index: strongswan-2.8.2/programs/_showstatus/_showstatus.8 +=================================================================== +--- /dev/null 1970-01-01 00:00:00.000000000 +0000 ++++ strongswan-2.8.2/programs/_showstatus/_showstatus.8 2007-06-04 13:23:06.414758704 +0200 +@@ -0,0 +1,23 @@ ++.TH _showstatus 8 "03 Feb 2007" ++.\" ++.\" RCSID $Id: _showstatus.8 ++.\" ++.SH NAME ++ipsec _showstatus \- give state feedback via led or other method ++.SH SYNOPSIS ++.I _showstatus ++is invoked by _updown to trigger led's, or other distribution ++or platform specific behavior. Presently, the SES button is ++supported as a status light on OpenWRT platforms. The button ++is configurable by environment variable: ++-B IPSEC_STATUS_LED_START ++defaults to ses_orange, and ++-B IPSEC_STATUS_LED_VALID ++defaults to ses_white. ++.SH "SEE ALSO" ++ipsec(8), ipsec_updown(8). ++.SH HISTORY ++Man page written for the Linux strongSwan project ++by Kevin Cody Jr. Original manpage for _updown by Michael Richardson. ++Original program written by Henry Spencer. Extended for the Linux strongSwan ++project by Andreas Steffen. +Index: strongswan-2.8.2/programs/_showstatus/_showstatus.in +=================================================================== +--- /dev/null 1970-01-01 00:00:00.000000000 +0000 ++++ strongswan-2.8.2/programs/_showstatus/_showstatus.in 2007-06-04 13:23:06.414758704 +0200 +@@ -0,0 +1,70 @@ ++#! /bin/sh ++# ++# Copyright (C) 2007 Kevin Cody Jr. ++# ++# This program is free software; you can redistribute it and/or modify it ++# under the terms of the GNU General Public License as published by the ++# Free Software Foundation; either version 2 of the License, or (at your ++# option) any later version. See . 
++# ++# This program is distributed in the hope that it will be useful, but ++# WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY ++# or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License ++# for more details. ++# ++# RCSID $Id: _showstatus.in ++ ++ ++LED_START=$IPSEC_STATUS_LED_START ++LED_VALID=$IPSEC_STATUS_LED_VALID ++ ++[ -z "$LED_START" ] && LED_START="ses_orange" ++[ -z "$LED_VALID" ] && LED_VALID="ses_white" ++ ++ ++setled() { ++ led=$1 ++ st=$2 ++ ++ [ -n "$led" -a -n "$st" ] || return ++ ++ if [ -w "/proc/diag/led/$led" ] ; then ++ echo "$st" > "/proc/diag/led/$led" ++ fi ++ ++ # integrate other led control methods here ++ ++} ++ ++ ++case "$1" in ++ 'start') ++ [ -n "$LED_VALID" ] && setled "$LED_START" 1 ++ [ -z "$LED_VALID" ] && setled "$LED_START" f ++ setled "$LED_VALID" 0 ++ ;; ++ 'stop') ++ setled "$LED_START" 0 ++ setled "$LED_VALID" 0 ++ ;; ++ 'valid') ++ setled "$LED_VALID" 1 ++ ;; ++ 'invalid') ++ setled "$LED_VALID" 0 ++ ;; ++ 'up') ++ [ -n "$LED_VALID" ] && setled "$LED_START" 0 ++ [ -z "$LED_VALID" ] && setled "$LED_START" 1 ++ setled "$LED_VALID" 1 ++ ;; ++ 'down') ++ [ -n "$LED_VALID" ] && setled "$LED_START" 1 ++ [ -z "$LED_VALID" ] && setled "$LED_START" f ++ setled "$LED_VALID" f ++ ;; ++ *) ++ echo "$0: unknown status $status" >&2 ++ ;; ++esac ++ +Index: strongswan-2.8.2/programs/wakeup/Makefile +=================================================================== +--- /dev/null 1970-01-01 00:00:00.000000000 +0000 ++++ strongswan-2.8.2/programs/wakeup/Makefile 2007-06-04 13:23:06.415758552 +0200 +@@ -0,0 +1,22 @@ ++# Makefile for miscelaneous programs ++# Copyright (C) 2002 Michael Richardson ++# ++# This program is free software; you can redistribute it and/or modify it ++# under the terms of the GNU General Public License as published by the ++# Free Software Foundation; either version 2 of the License, or (at your ++# option) any later version. See . 
++# ++# This program is distributed in the hope that it will be useful, but ++# WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY ++# or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License ++# for more details. ++# ++# RCSID $Id: Makefile,v 1.3 2006/04/17 06:48:49 as Exp $ ++ ++FREESWANSRCDIR=../.. ++include ${FREESWANSRCDIR}/Makefile.inc ++ ++PROGRAM=wakeup ++PROGRAMDIR=${LIBDIR} ++ ++include ../Makefile.program +Index: strongswan-2.8.2/programs/wakeup/wakeup.8 +=================================================================== +--- /dev/null 1970-01-01 00:00:00.000000000 +0000 ++++ strongswan-2.8.2/programs/wakeup/wakeup.8 2007-06-04 13:23:06.415758552 +0200 +@@ -0,0 +1,16 @@ ++.TH wakeup 8 "03 Feb 2007" ++.\" ++.\" RCSID $Id: wakeup.8 ++.\" ++.SH NAME ++ipsec wakeup \- stalled and down connection detection ++.SH SYNOPSIS ++.I wakeup ++is invoked by cron and checks ipsec status, whacking as necessary. ++.SH "SEE ALSO" ++ipsec(8), ipsec_whack(8). ++.SH HISTORY ++Man page written for the Linux strongSwan project ++by Kevin Cody Jr. Original manpage for _updown by Michael Richardson. ++Original program written by Henry Spencer. Extended for the Linux strongSwan ++project by Andreas Steffen. +Index: strongswan-2.8.2/programs/wakeup/wakeup.in +=================================================================== +--- /dev/null 1970-01-01 00:00:00.000000000 +0000 ++++ strongswan-2.8.2/programs/wakeup/wakeup.in 2007-06-04 13:23:06.415758552 +0200 +@@ -0,0 +1,38 @@ ++#! /bin/sh ++# wakeup script ++# ++# Copyright (C) 2007 Kevin Cody Jr. ++# ++# This program is free software; you can redistribute it and/or modify it ++# under the terms of the GNU General Public License as published by the ++# Free Software Foundation; either version 2 of the License, or (at your ++# option) any later version. See . 
++# ++# This program is distributed in the hope that it will be useful, but ++# WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY ++# or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License ++# for more details. ++# ++ ++# only applicable when ipsec is running ++[ -e /var/run/pluto.pid ] || exit ++ ++# loop through any erouted tunnels in the HOLD state ++for f in `ipsec status | awk '/erouted HOLD/{ print $2 }' | cut -f1 -d\: | cut -f2 -d\"` ; do ++ ++ # only whack if no pending events at all exists ++ ipsec status | grep STATE | grep -q $f || ++ ipsec whack --name $f --initiate --asynchronous ++ ++done ++ ++# loop through any tunnels that don't quite exist ++for f in `ipsec status | awk '/prospective erouted/{ print $2 }' | cut -f1 -d: | grep -v \# | cut -f2 -d\"` ; do ++ ++ ipsec status | grep STATE_QUICK | grep -q $f || { ++ ipsec status | grep STATE_MAIN | grep -q $f && ipsec down $f ++ ipsec up $f ++ } ++ ++done ++ diff --git a/net/strongswan/patches/210-updown.patch b/net/strongswan/patches/210-updown.patch new file mode 100644 index 0000000000..d546625316 --- /dev/null +++ b/net/strongswan/patches/210-updown.patch 
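Review bot: In wakeup.in the connection name taken from `ipsec status` is used unquoted both as a regular expression (`grep -q $f`) and as a command argument (`ipsec whack --name $f --initiate --asynchronous`, `ipsec down $f`, `ipsec up $f`), so a name containing regex metacharacters, or one that is a prefix of another connection's name, matches the wrong status lines, and an empty or space-containing value changes the command line. Quote every use and match literally, for example `grep -qF -- "$f"` and `ipsec whack --name "$f" --initiate --asynchronous`. In _showstatus.in the default branch prints `$status`, which is never set; it should read `echo "$0: unknown status $1" >&2`. In the same script `LED_VALID` is always non-empty after `[ -z "$LED_VALID" ] && LED_VALID="ses_white"`, so every later `[ -z "$LED_VALID" ] && setled …` branch is unreachable and should be removed or given a comment saying how the second LED is meant to be disabled.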
@@ -0,0 +1,662 @@ +Index: strongswan-2.8.2/programs/_updown/_updown.8 +=================================================================== +--- strongswan-2.8.2.orig/programs/_updown/_updown.8 2007-06-04 13:23:04.632029720 +0200 ++++ strongswan-2.8.2/programs/_updown/_updown.8 2007-06-04 13:23:06.656721920 +0200 +@@ -8,8 +8,23 @@ + .I _updown + is invoked by pluto when it has brought up a new connection. This script + is used to insert the appropriate routing entries for IPsec operation. +-It can also be used to insert and delete dynamic iptables firewall rules. +-The interface to the script is documented in the pluto man page. ++It also inserts and deletes dynamic iptables firewall rules. IMPORTANT! ++By default, it will ACCEPT as appropriate on the INPUT, OUTPUT, FORWARD ++tables. Most distributions will want to change that to provide more ++flexibility in their firewall configuration. ++The script looks for the environment variables ++.B IPSEC_UPDOWN_RULE_IN ++for the iptables table it should insert into, ++.B IPSEC_UPDOWN_DEST_IN ++for where the rule should -j jump to, ++.B IPSEC_UPDOWN_RULE_OUT ++.B IPSEC_UPDOWN_DEST_OUT ++for the same on outgoing packets, and ++.B IPSEC_UPDOWN_FWD_RULE_IN ++.B IPSEC_UPDOWN_FWD_DEST_IN ++.B IPSEC_UPDOWN_FWD_RULE_OUT ++.B IPSEC_UPDOWN_FWD_DEST_OUT ++respectively for packets being forwarded to/from the local networks. + .SH "SEE ALSO" + ipsec(8), ipsec_pluto(8). 
+ .SH HISTORY +Index: strongswan-2.8.2/programs/_updown/_updown.in +=================================================================== +--- strongswan-2.8.2.orig/programs/_updown/_updown.in 2007-06-04 13:23:04.642028200 +0200 ++++ strongswan-2.8.2/programs/_updown/_updown.in 2007-06-04 13:23:06.657721768 +0200 +@@ -5,6 +5,7 @@ + # Copyright (C) 2003-2004 Tuomo Soini + # Copyright (C) 2002-2004 Michael Richardson + # Copyright (C) 2005-2006 Andreas Steffen ++# Copyright (C) 2007 Kevin Cody Jr + # + # This program is free software; you can redistribute it and/or modify it + # under the terms of the GNU General Public License as published by the +@@ -118,20 +119,61 @@ + # restricted on the peer side. + # + +-# uncomment to log VPN connections +-VPN_LOGGING=1 +-# ++# set to /bin/true to silence log messages ++LOGGER=logger ++ + # tag put in front of each log entry: + TAG=vpn +-# ++ + # syslog facility and priority used: +-FAC_PRIO=local0.notice +-# +-# to create a special vpn logging file, put the following line into +-# the syslog configuration file /etc/syslog.conf: +-# +-# local0.notice -/var/log/vpn +-# ++FAC_PRIO=authpriv.info ++ ++ ++# in the presence of KLIPS and ipsecN interfaces do not use IPSEC_POLICY ++if [ `echo "$PLUTO_INTERFACE" | grep "ipsec"` ] ; then ++ IPSEC_POLICY_IN="" ++ IPSEC_POLICY_OUT="" ++else ++ IPSEC_POLICY="-m policy --pol ipsec --proto esp --reqid $PLUTO_REQID" ++ IPSEC_POLICY_IN="$IPSEC_POLICY --dir in" ++ IPSEC_POLICY_OUT="$IPSEC_POLICY --dir out" ++fi ++ ++# are there port numbers? 
++if [ "$PLUTO_MY_PORT" != 0 ] ; then ++ S_MY_PORT="--sport $PLUTO_MY_PORT" ++ D_MY_PORT="--dport $PLUTO_MY_PORT" ++fi ++ ++if [ "$PLUTO_PEER_PORT" != 0 ] ; then ++ S_PEER_PORT="--sport $PLUTO_PEER_PORT" ++ D_PEER_PORT="--dport $PLUTO_PEER_PORT" ++fi ++ ++# import firewall behavior ++IPT_RULE_IN=$IPSEC_UPDOWN_RULE_IN ++IPT_DEST_IN=$IPSEC_UPDOWN_DEST_IN ++IPT_RULE_OUT=$IPSEC_UPDOWN_RULE_OUT ++IPT_DEST_OUT=$IPSEC_UPDOWN_DEST_OUT ++ ++# import forwarding behavior ++FWD_RULE_IN=$IPSEC_UPDOWN_FWD_RULE_IN ++FWD_DEST_IN=$IPSEC_UPDOWN_FWD_DEST_IN ++FWD_RULE_OUT=$IPSEC_UPDOWN_FWD_RULE_OUT ++FWD_DEST_OUT=$IPSEC_UPDOWN_FWD_DEST_OUT ++ ++# default firewall behavior ++[ -z "$IPT_RULE_IN" ] && IPT_RULE_IN=INPUT ++[ -z "$IPT_DEST_IN" ] && IPT_DEST_IN=ACCEPT ++[ -z "$IPT_RULE_OUT" ] && IPT_RULE_OUT=OUTPUT ++[ -z "$IPT_DEST_OUT" ] && IPT_DEST_OUT=ACCEPT ++ ++# default forwarding behavior ++[ -z "$FWD_RULE_IN" ] && FWD_RULE_IN=FORWARD ++[ -z "$FWD_DEST_IN" ] && FWD_DEST_IN=ACCEPT ++[ -z "$FWD_RULE_OUT" ] && FWD_RULE_OUT=FORWARD ++[ -z "$FWD_DEST_OUT" ] && FWD_DEST_OUT=ACCEPT ++ + + # check interface version + case "$PLUTO_VERSION" in +@@ -150,8 +192,6 @@ + case "$1:$*" in + ':') # no parameters + ;; +-iptables:iptables) # due to (left/right)firewall; for default script only +- ;; + custom:*) # custom parameters (see above CAUTION comment) + ;; + *) echo "$0: unknown parameters \`$*'" >&2 +@@ -159,345 +199,307 @@ + ;; + esac + ++ + # utility functions for route manipulation + # Meddling with this stuff should not be necessary and requires great care. 
++ + uproute() { + doroute add + ip route flush cache + } ++ + downroute() { + doroute delete + ip route flush cache + } + ++upfirewall() { ++ in_rule=$1 ++ in_dest=$2 ++ out_rule=$3 ++ out_dest=$4 ++ ++ [ -n "$in_rule" -a -n "$in_dest" ] && \ ++ iptables -I $in_rule 1 \ ++ -i $PLUTO_INTERFACE \ ++ -p $PLUTO_MY_PROTOCOL \ ++ -s $PLUTO_PEER_CLIENT $S_PEER_PORT \ ++ -d $PLUTO_MY_CLIENT $D_MY_PORT \ ++ $IPSEC_POLICY_IN \ ++ -j $in_dest ++ ++ [ -n "$out_rule" -a -n "$out_dest" ] && \ ++ iptables -I $out_rule 1 \ ++ -o $PLUTO_INTERFACE \ ++ -p $PLUTO_PEER_PROTOCOL \ ++ -s $PLUTO_MY_CLIENT $S_MY_PORT \ ++ -d $PLUTO_PEER_CLIENT $D_PEER_PORT \ ++ $IPSEC_POLICY_OUT \ ++ -j $out_dest ++ ++} ++ ++downfirewall() { ++ in_rule=$1 ++ in_dest=$2 ++ out_rule=$3 ++ out_dest=$4 ++ ++ [ -n "$in_rule" -a -n "$in_dest" ] && \ ++ iptables -D $in_rule \ ++ -i $PLUTO_INTERFACE \ ++ -p $PLUTO_MY_PROTOCOL \ ++ -s $PLUTO_PEER_CLIENT $S_PEER_PORT \ ++ -d $PLUTO_MY_CLIENT $D_MY_PORT \ ++ $IPSEC_POLICY_IN \ ++ -j $in_dest ++ ++ [ -n "$out_rule" -a -n "$out_dest" ] && \ ++ iptables -D $out_rule \ ++ -o $PLUTO_INTERFACE \ ++ -p $PLUTO_PEER_PROTOCOL \ ++ -s $PLUTO_MY_CLIENT $S_MY_PORT \ ++ -d $PLUTO_PEER_CLIENT $D_PEER_PORT \ ++ $IPSEC_POLICY_OUT \ ++ -j $out_dest ++ ++} ++ + addsource() { + st=0 +- if ! ip -o route get ${PLUTO_MY_SOURCEIP%/*} | grep -q ^local +- then ++ ++ if ! ip -o route get ${PLUTO_MY_SOURCEIP%/*} | grep -q ^local ; then ++ + it="ip addr add ${PLUTO_MY_SOURCEIP%/*}/32 dev $PLUTO_INTERFACE" + oops="`eval $it 2>&1`" + st=$? 
+- if test " $oops" = " " -a " $st" != " 0" +- then ++ ++ if [ " $oops" = " " -a " $st" != " 0" ] ; then + oops="silent error, exit status $st" + fi +- if test " $oops" != " " -o " $st" != " 0" +- then ++ ++ if [ " $oops" != " " -o " $st" != " 0" ] ; then + echo "$0: addsource \`$it' failed ($oops)" >&2 + fi + fi ++ + return $st + } + + doroute() { + st=0 + parms="$PLUTO_PEER_CLIENT" ++ parms2="dev $PLUTO_INTERFACE" + +- parms2= +- if [ -n "$PLUTO_NEXT_HOP" ] +- then +- parms2="via $PLUTO_NEXT_HOP" +- fi +- parms2="$parms2 dev $PLUTO_INTERFACE" +- +- if [ -z "$PLUTO_MY_SOURCEIP" ] +- then +- if [ -f /etc/sysconfig/defaultsource ] +- then +- . /etc/sysconfig/defaultsource +- fi ++ if [ -z "$PLUTO_MY_SOURCEIP" ] ; then + +- if [ -f /etc/conf.d/defaultsource ] +- then +- . /etc/conf.d/defaultsource +- fi ++ [ -f /etc/sysconfig/defaultsource ] && \ ++ . /etc/sysconfig/defaultsource ++ ++ [ -f /etc/conf.d/defaultsource ] && \ ++ . /etc/conf.d/defaultsource ++ ++ [ -n "$DEFAULTSOURCE" ] && \ ++ PLUTO_MY_SOURCEIP=$DEFAULTSOURCE + +- if [ -n "$DEFAULTSOURCE" ] +- then +- PLUTO_MY_SOURCEIP=$DEFAULTSOURCE +- fi + fi + + parms3= +- if test "$1" = "add" -a -n "$PLUTO_MY_SOURCEIP" +- then ++ if [ "$1" = "add" -a -n "$PLUTO_MY_SOURCEIP" ] ; then + addsource + parms3="$parms3 src ${PLUTO_MY_SOURCEIP%/*}" + fi + +- case "$PLUTO_PEER_CLIENT_NET/$PLUTO_PEER_CLIENT_MASK" in +- "0.0.0.0/0.0.0.0") ++ if [ "$PLUTO_PEER_CLIENT_NET/$PLUTO_PEER_CLIENT_MASK" = \ ++ "0.0.0.0/0.0.0.0" ] ; then + # opportunistic encryption work around + # need to provide route that eclipses default, without + # replacing it. +- it="ip route $1 0.0.0.0/1 $parms2 $parms3 && +- ip route $1 128.0.0.0/1 $parms2 $parms3" +- ;; +- *) it="ip route $1 $parms $parms2 $parms3" +- ;; +- esac ++ it="ip route $1 0.0.0.0/1 $parms2 $parms3 && ++ ip route $1 128.0.0.0/1 $parms2 $parms3" ++ else ++ it="ip route $1 $parms $parms2 $parms3" ++ fi ++ + oops="`eval $it 2>&1`" + st=$? 
+- if test " $oops" = " " -a " $st" != " 0" +- then +- oops="silent error, exit status $st" +- fi +- if test " $oops" != " " -o " $st" != " 0" +- then +- echo "$0: doroute \`$it' failed ($oops)" >&2 ++ ++ if [ " $oops" = " " -a " $st" != " 0" ] ; then ++ oops="silent error, exit status $st" + fi ++ ++ if [ " $oops" != " " -o " $st" != " 0" ] ; then ++ echo "$0: doroute \`$it' failed ($oops)" >&2 ++ fi ++ + return $st + } +- +-# in the presence of KLIPS and ipsecN interfaces do not use IPSEC_POLICY +-if [ `echo "$PLUTO_INTERFACE" | grep "ipsec"` ] +-then +- IPSEC_POLICY_IN="" +- IPSEC_POLICY_OUT="" +-else +- IPSEC_POLICY="-m policy --pol ipsec --proto esp --reqid $PLUTO_REQID" +- IPSEC_POLICY_IN="$IPSEC_POLICY --dir in" +- IPSEC_POLICY_OUT="$IPSEC_POLICY --dir out" +-fi + +-# are there port numbers? +-if [ "$PLUTO_MY_PORT" != 0 ] +-then +- S_MY_PORT="--sport $PLUTO_MY_PORT" +- D_MY_PORT="--dport $PLUTO_MY_PORT" +-fi +-if [ "$PLUTO_PEER_PORT" != 0 ] +-then +- S_PEER_PORT="--sport $PLUTO_PEER_PORT" +- D_PEER_PORT="--dport $PLUTO_PEER_PORT" +-fi ++dologentry() { ++ action=$1 ++ ++ if [ "$PLUTO_PEER_CLIENT" == "$PLUTO_PEER/32" ] ; then ++ rem="$PLUTO_PEER" ++ else ++ rem="$PLUTO_PEER_CLIENT == $PLUTO_PEER" ++ fi ++ ++ if [ "$PLUTO_MY_CLIENT" == "$PLUTO_ME/32" ] ; then ++ loc="$PLUTO_ME" ++ else ++ loc="$PLUTO_ME == $PLUTO_MY_CLIENT" ++ fi ++ ++ $LOGGER -t $TAG -p $FAC_PRIO "$action $rem -- $loc ($PLUTO_PEER_ID)" ++} ++ + + # the big choice ++ + case "$PLUTO_VERB:$1" in + prepare-host:*|prepare-client:*) + # delete possibly-existing route (preliminary to adding a route) +- case "$PLUTO_PEER_CLIENT_NET/$PLUTO_PEER_CLIENT_MASK" in +- "0.0.0.0/0.0.0.0") +- # need to provide route that eclipses default, without ++ ++ if [ "$PLUTO_PEER_CLIENT_NET/$PLUTO_PEER_CLIENT_MASK" = \ ++ "0.0.0.0/0.0.0.0" ] ; then ++ # need to remove the route that eclipses default, without + # replacing it. 
+- parms1="0.0.0.0/1" +- parms2="128.0.0.0/1" +- it="ip route delete $parms1 2>&1 ; ip route delete $parms2 2>&1" +- oops="`ip route delete $parms1 2>&1 ; ip route delete $parms2 2>&1`" +- ;; +- *) +- parms="$PLUTO_PEER_CLIENT" +- it="ip route delete $parms 2>&1" +- oops="`ip route delete $parms 2>&1`" +- ;; +- esac +- status="$?" +- if test " $oops" = " " -a " $status" != " 0" +- then +- oops="silent error, exit status $status" ++ it="( ip route delete 0.0.0.0/1 ; ++ ip route delete 128.0.0.0/1 )" ++ else ++ it="ip route delete $PLUTO_PEER_CLIENT" ++ fi ++ ++ oops="`$it 2>&1`" ++ st="$?" ++ ++ if [ " $oops" = " " -a " $st" != " 0" ] ; then ++ oops="silent error, exit status $st" + fi ++ + case "$oops" in + *'RTNETLINK answers: No such process'*) + # This is what route (currently -- not documented!) gives + # for "could not find such a route". + oops= +- status=0 ++ st=0 + ;; + esac +- if test " $oops" != " " -o " $status" != " 0" +- then ++ ++ if [ " $oops" != " " -o " $st" != " 0" ] ; then + echo "$0: \`$it' failed ($oops)" >&2 + fi +- exit $status ++ ++ exit $st ++ + ;; + route-host:*|route-client:*) + # connection to me or my client subnet being routed ++ ++ ipsec _showstatus valid + uproute ++ + ;; + unroute-host:*|unroute-client:*) + # connection to me or my client subnet being unrouted ++ ++ ipsec _showstatus invalid + downroute ++ + ;; +-up-host:) ++up-host:*) + # connection to me coming up +- # If you are doing a custom version, firewall commands go here. ++ ++ ipsec _showstatus up ++ upfirewall $IPT_RULE_IN $IPT_DEST_IN $IPT_RULE_OUT $OUT_DEST_OUT ++ dologentry "VPN-UP" ++ + ;; +-down-host:) ++down-host:*) + # connection to me going down +- # If you are doing a custom version, firewall commands go here. +- ;; +-up-client:) +- # connection to my client subnet coming up +- # If you are doing a custom version, firewall commands go here. 
+- ;; +-down-client:) +- # connection to my client subnet going down +- # If you are doing a custom version, firewall commands go here. ++ ++ ipsec _showstatus down ++ downfirewall $IPT_RULE_IN $IPT_DEST_IN $IPT_RULE_OUT $OUT_DEST_OUT ++ dologentry "VPN-DN" ++ + ;; +-up-host:iptables) +- # connection to me, with (left/right)firewall=yes, coming up +- # This is used only by the default updown script, not by your custom +- # ones, so do not mess with it; see CAUTION comment up at top. +- iptables -I INPUT 1 -i $PLUTO_INTERFACE -p $PLUTO_MY_PROTOCOL \ +- -s $PLUTO_PEER_CLIENT_NET/$PLUTO_PEER_CLIENT_MASK $S_PEER_PORT \ +- -d $PLUTO_ME $D_MY_PORT $IPSEC_POLICY_IN -j ACCEPT +- iptables -I OUTPUT 1 -o $PLUTO_INTERFACE -p $PLUTO_PEER_PROTOCOL \ +- -s $PLUTO_ME $S_MY_PORT $IPSEC_POLICY_OUT \ +- -d $PLUTO_PEER_CLIENT_NET/$PLUTO_PEER_CLIENT_MASK $D_PEER_PORT -j ACCEPT +- # +- # log IPsec host connection setup +- if [ $VPN_LOGGING ] +- then +- if [ "$PLUTO_PEER_CLIENT" == "$PLUTO_PEER/32" ] +- then +- logger -t $TAG -p $FAC_PRIO \ +- "+ `echo -e $PLUTO_PEER_ID` $PLUTO_PEER -- $PLUTO_ME" +- else +- logger -t $TAG -p $FAC_PRIO \ +- "+ `echo -e $PLUTO_PEER_ID` $PLUTO_PEER_CLIENT == $PLUTO_PEER -- $PLUTO_ME" +- fi +- fi +- ;; +-down-host:iptables) +- # connection to me, with (left/right)firewall=yes, going down +- # This is used only by the default updown script, not by your custom +- # ones, so do not mess with it; see CAUTION comment up at top. 
+- iptables -D INPUT -i $PLUTO_INTERFACE -p $PLUTO_MY_PROTOCOL \ +- -s $PLUTO_PEER_CLIENT_NET/$PLUTO_PEER_CLIENT_MASK $S_PEER_PORT \ +- -d $PLUTO_ME $D_MY_PORT $IPSEC_POLICY_IN -j ACCEPT +- iptables -D OUTPUT -o $PLUTO_INTERFACE -p $PLUTO_PEER_PROTOCOL \ +- -s $PLUTO_ME $S_MY_PORT $IPSEC_POLICY_OUT \ +- -d $PLUTO_PEER_CLIENT_NET/$PLUTO_PEER_CLIENT_MASK $D_PEER_PORT -j ACCEPT +- # +- # log IPsec host connection teardown +- if [ $VPN_LOGGING ] +- then +- if [ "$PLUTO_PEER_CLIENT" == "$PLUTO_PEER/32" ] +- then +- logger -t $TAG -p $FAC_PRIO -- \ +- "- `echo -e $PLUTO_PEER_ID` $PLUTO_PEER -- $PLUTO_ME" +- else +- logger -t $TAG -p $FAC_PRIO -- \ +- "- `echo -e $PLUTO_PEER_ID` $PLUTO_PEER_CLIENT == $PLUTO_PEER -- $PLUTO_ME" +- fi +- fi +- ;; +-up-client:iptables) +- # connection to client subnet, with (left/right)firewall=yes, coming up +- # This is used only by the default updown script, not by your custom +- # ones, so do not mess with it; see CAUTION comment up at top. +- if [ "$PLUTO_PEER_CLIENT" != "$PLUTO_MY_SOURCEIP/32" ] +- then +- iptables -I FORWARD 1 -o $PLUTO_INTERFACE -p $PLUTO_PEER_PROTOCOL \ +- -s $PLUTO_MY_CLIENT_NET/$PLUTO_MY_CLIENT_MASK $S_MY_PORT \ +- -d $PLUTO_PEER_CLIENT_NET/$PLUTO_PEER_CLIENT_MASK $D_PEER_PORT \ +- $IPSEC_POLICY_OUT -j ACCEPT +- iptables -I FORWARD 1 -i $PLUTO_INTERFACE -p $PLUTO_MY_PROTOCOL \ +- -s $PLUTO_PEER_CLIENT_NET/$PLUTO_PEER_CLIENT_MASK $S_PEER_PORT \ +- -d $PLUTO_MY_CLIENT_NET/$PLUTO_MY_CLIENT_MASK $D_MY_PORT \ +- $IPSEC_POLICY_IN -j ACCEPT ++up-client:*) ++ # connection to client subnet coming up ++ ++ ipsec _showstatus up ++ ++ if [ "$PLUTO_MY_CLIENT" != "$PLUTO_ME/32" -a \ ++ "$PLUTO_MY_CLIENT" != "$PLUTO_MY_SOURCEIP/32" ] ; then ++ upfirewall $FWD_RULE_IN $FWD_DEST_IN $FWD_RULE_OUT $FWD_DEST_OUT + fi +- # ++ + # a virtual IP requires an INPUT and OUTPUT rule on the host + # or sometimes host access via the internal IP is needed +- if [ -n "$PLUTO_MY_SOURCEIP" -o -n "$PLUTO_HOST_ACCESS" ] +- then +- iptables -I INPUT 1 
-i $PLUTO_INTERFACE -p $PLUTO_MY_PROTOCOL \ +- -s $PLUTO_PEER_CLIENT_NET/$PLUTO_PEER_CLIENT_MASK $S_PEER_PORT \ +- -d $PLUTO_MY_CLIENT_NET/$PLUTO_MY_CLIENT_MASK $D_MY_PORT \ +- $IPSEC_POLICY_IN -j ACCEPT +- iptables -I OUTPUT 1 -o $PLUTO_INTERFACE -p $PLUTO_PEER_PROTOCOL \ +- -s $PLUTO_MY_CLIENT_NET/$PLUTO_MY_CLIENT_MASK $S_MY_PORT \ +- -d $PLUTO_PEER_CLIENT_NET/$PLUTO_PEER_CLIENT_MASK $D_PEER_PORT \ +- $IPSEC_POLICY_OUT -j ACCEPT +- fi +- # +- # log IPsec client connection setup +- if [ $VPN_LOGGING ] +- then +- if [ "$PLUTO_PEER_CLIENT" == "$PLUTO_PEER/32" ] +- then +- logger -t $TAG -p $FAC_PRIO \ +- "+ `echo -e $PLUTO_PEER_ID` $PLUTO_PEER -- $PLUTO_ME == $PLUTO_MY_CLIENT" +- else +- logger -t $TAG -p $FAC_PRIO \ +- "+ `echo -e $PLUTO_PEER_ID` $PLUTO_PEER_CLIENT == $PLUTO_PEER -- $PLUTO_ME == $PLUTO_MY_CLIENT" +- fi +- fi +- ;; +-down-client:iptables) +- # connection to client subnet, with (left/right)firewall=yes, going down +- # This is used only by the default updown script, not by your custom +- # ones, so do not mess with it; see CAUTION comment up at top. 
+- if [ "$PLUTO_PEER_CLIENT" != "$PLUTO_MY_SOURCEIP/32" ] +- then +- iptables -D FORWARD -o $PLUTO_INTERFACE -p $PLUTO_PEER_PROTOCOL \ +- -s $PLUTO_MY_CLIENT_NET/$PLUTO_MY_CLIENT_MASK $S_MY_PORT \ +- -d $PLUTO_PEER_CLIENT_NET/$PLUTO_PEER_CLIENT_MASK $D_PEER_PORT \ +- $IPSEC_POLICY_OUT -j ACCEPT +- iptables -D FORWARD -i $PLUTO_INTERFACE -p $PLUTO_MY_PROTOCOL \ +- -s $PLUTO_PEER_CLIENT_NET/$PLUTO_PEER_CLIENT_MASK $S_PEER_PORT \ +- -d $PLUTO_MY_CLIENT_NET/$PLUTO_MY_CLIENT_MASK $D_MY_PORT \ +- $IPSEC_POLICY_IN -j ACCEPT ++ if [ -n "$PLUTO_MY_SOURCEIP" -o -n "$PLUTO_HOST_ACCESS" ] ; then ++ upfirewall $IPT_RULE_IN $IPT_DEST_IN $IPT_RULE_OUT $OUT_DEST_OUT ++ fi ++ ++ dologentry "VPN-UP" ++ ++ ;; ++down-client:*) ++ # connection to client subnet going down ++ ++ ipsec _showstatus down ++ ++ if [ "$PLUTO_MY_CLIENT" != "$PLUTO_ME/32" -a \ ++ "$PLUTO_MY_CLIENT" != "$PLUTO_MY_SOURCEIP/32" ] ; then ++ downfirewall $FWD_RULE_IN $FWD_DEST_IN $FWD_RULE_OUT $FWD_DEST_OUT + fi +- # ++ + # a virtual IP requires an INPUT and OUTPUT rule on the host + # or sometimes host access via the internal IP is needed +- if [ -n "$PLUTO_MY_SOURCEIP" -o -n "$PLUTO_HOST_ACCESS" ] +- then +- iptables -D INPUT -i $PLUTO_INTERFACE -p $PLUTO_MY_PROTOCOL \ +- -s $PLUTO_PEER_CLIENT_NET/$PLUTO_PEER_CLIENT_MASK $S_PEER_PORT \ +- -d $PLUTO_MY_CLIENT_NET/$PLUTO_MY_CLIENT_MASK $D_MY_PORT \ +- $IPSEC_POLICY_IN -j ACCEPT +- iptables -D OUTPUT -o $PLUTO_INTERFACE -p $PLUTO_PEER_PROTOCOL \ +- -s $PLUTO_MY_CLIENT_NET/$PLUTO_MY_CLIENT_MASK $S_MY_PORT \ +- -d $PLUTO_PEER_CLIENT_NET/$PLUTO_PEER_CLIENT_MASK $D_PEER_PORT \ +- $IPSEC_POLICY_OUT -j ACCEPT +- fi +- # +- # log IPsec client connection teardown +- if [ $VPN_LOGGING ] +- then +- if [ "$PLUTO_PEER_CLIENT" == "$PLUTO_PEER/32" ] +- then +- logger -t $TAG -p $FAC_PRIO -- \ +- "- `echo -e $PLUTO_PEER_ID` $PLUTO_PEER -- $PLUTO_ME == $PLUTO_MY_CLIENT" +- else +- logger -t $TAG -p $FAC_PRIO -- \ +- "- `echo -e $PLUTO_PEER_ID` $PLUTO_PEER_CLIENT == $PLUTO_PEER -- 
$PLUTO_ME == $PLUTO_MY_CLIENT" +- fi ++ if [ -n "$PLUTO_MY_SOURCEIP" -o -n "$PLUTO_HOST_ACCESS" ] ; then ++ downfirewall $IPT_RULE_IN $IPT_DEST_IN $IPT_RULE_OUT $OUT_DEST_OUT + fi ++ ++ dologentry "VPN-DN" ++ + ;; +-# +-# IPv6 +-# + prepare-host-v6:*|prepare-client-v6:*) ++ + ;; + route-host-v6:*|route-client-v6:*) + # connection to me or my client subnet being routed ++ + #uproute_v6 ++ + ;; + unroute-host-v6:*|unroute-client-v6:*) + # connection to me or my client subnet being unrouted ++ + #downroute_v6 ++ + ;; + up-host-v6:*) + # connection to me coming up + # If you are doing a custom version, firewall commands go here. ++ + ;; + down-host-v6:*) + # connection to me going down + # If you are doing a custom version, firewall commands go here. ++ + ;; + up-client-v6:) + # connection to my client subnet coming up + # If you are doing a custom version, firewall commands go here. ++ + ;; + down-client-v6:) + # connection to my client subnet going down + # If you are doing a custom version, firewall commands go here. ++ + ;; +-*) echo "$0: unknown verb \`$PLUTO_VERB' or parameter \`$1'" >&2 ++*) ++ echo "$0: unknown verb \`$PLUTO_VERB' or parameter \`$1'" >&2 + exit 1 ++ + ;; + esac ++ diff --git a/net/strongswan/patches/300-openwrt.patch b/net/strongswan/patches/300-openwrt.patch new file mode 100644 index 0000000000..e249a8d613 --- /dev/null +++ b/net/strongswan/patches/300-openwrt.patch 
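Review bot: The host-level calls in the up-host, down-host, up-client and down-client branches pass `$OUT_DEST_OUT` as the fourth argument, but no such variable is assigned anywhere in the visible script; the value imported from `IPSEC_UPDOWN_DEST_OUT` is held in `IPT_DEST_OUT`. With an empty `out_dest` the guard `[ -n "$out_rule" -a -n "$out_dest" ]` fails, so the outgoing rule is silently never inserted or deleted; the calls should read `upfirewall $IPT_RULE_IN $IPT_DEST_IN $IPT_RULE_OUT $IPT_DEST_OUT` and likewise for `downfirewall`. In the prepare-host branch the command string `it` starts with `(` and contains `;` but is run as `$it 2>&1` without `eval`, unlike `doroute` and `addsource`, so the subshell syntax is not interpreted and the two default-eclipsing routes are probably not removed; `eval $it 2>&1` would match the other call sites. The chain and target names come from the environment and are expanded unquoted into `iptables`, so quoting them (`-I "$in_rule" 1 ... -j "$in_dest"`) would keep a stray space or an empty value from changing the rule that gets installed. Since the `iptables` parameter case is removed and `up-host:*` / `up-client:*` now match every invocation, a comment near the defaults saying that ACCEPT rules are added on every up event unless the `IPSEC_UPDOWN_*` variables are set would help whoever owns the firewall policy.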
@@ -0,0 +1,26 @@ +Index: strongswan-2.8.2/Makefile.inc +=================================================================== +--- strongswan-2.8.2.orig/Makefile.inc 2007-06-04 13:23:04.604033976 +0200 ++++ strongswan-2.8.2/Makefile.inc 2007-06-04 13:23:06.855691672 +0200 +@@ -123,7 +123,7 @@ + # With a non-null DESTDIR, INC_RCDEFAULT will be used unless one of the + # INC_RCDIRS directories has been pre-created under DESTDIR. + INC_RCDIRS=/etc/rc.d/init.d /etc/rc.d /etc/init.d /sbin/init.d +-INC_RCDEFAULT=/etc/rc.d/init.d ++INC_RCDEFAULT=/etc/init.d + + # RCDIR is where boot/shutdown scripts go; FINALRCDIR is where they think + # will finally be (so utils/Makefile can create a symlink in BINDIR to the +Index: strongswan-2.8.2/programs/showhostkey/showhostkey.in +=================================================================== +--- strongswan-2.8.2.orig/programs/showhostkey/showhostkey.in 2007-06-04 13:23:04.612032760 +0200 ++++ strongswan-2.8.2/programs/showhostkey/showhostkey.in 2007-06-04 13:23:06.855691672 +0200 +@@ -62,7 +62,7 @@ + exit 1 + fi + +-host="`hostname --fqdn`" ++host="`cat /proc/sys/kernel/hostname`" + + awk ' BEGIN { + inkey = 0 diff --git a/net/strongswan/patches/310-make-ipsec-alg.patch b/net/strongswan/patches/310-make-ipsec-alg.patch new file mode 100644 index 0000000000..d5fad3d3e0 --- /dev/null +++ b/net/strongswan/patches/310-make-ipsec-alg.patch 
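Review bot: The replacement `cat /proc/sys/kernel/hostname` yields the kernel's short hostname, not the fully qualified name that `hostname --fqdn` returned, so whatever the awk program after this line (outside the hunk) emits with `host` will carry a different identity than upstream. If that value ends up in a published host-key record, a peer matching on the FQDN would presumably no longer match. A comment on the new line, for example `# OpenWrt: no 'hostname --fqdn'; this is the short kernel hostname, not an FQDN`, would make the trade-off visible, and an empty result is not checked before use.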
@@ -0,0 +1,19 @@ +Index: strongswan-2.8.2/linux/net/ipsec/alg/Makefile.alg_cryptoapi +=================================================================== +--- strongswan-2.8.2.orig/linux/net/ipsec/alg/Makefile.alg_cryptoapi 2007-06-04 13:23:04.583037168 +0200 ++++ strongswan-2.8.2/linux/net/ipsec/alg/Makefile.alg_cryptoapi 2007-06-04 13:23:07.053661576 +0200 +@@ -1,10 +1,10 @@ + MOD_CRYPTOAPI := ipsec_cryptoapi.o + + ifneq ($(wildcard $(TOPDIR)/include/linux/crypto.h),) +-ALG_MODULES += $(MOD_CRYPTOAPI) +-obj-$(CONFIG_IPSEC_ALG_CRYPTOAPI) += $(MOD_CRYPTOAPI) +-static_init-func-$(CONFIG_IPSEC_ALG_CRYPTOAPI)+= ipsec_cryptoapi_init +-alg_obj-$(CONFIG_IPSEC_ALG_CRYPTOAPI) += ipsec_alg_cryptoapi.o ++#ALG_MODULES += $(MOD_CRYPTOAPI) ++#obj-$(CONFIG_IPSEC_ALG_CRYPTOAPI) += $(MOD_CRYPTOAPI) ++#static_init-func-$(CONFIG_IPSEC_ALG_CRYPTOAPI)+= ipsec_cryptoapi_init ++#alg_obj-$(CONFIG_IPSEC_ALG_CRYPTOAPI) += ipsec_alg_cryptoapi.o + else + $(warning "Linux CryptoAPI (2.4.22+ or 2.6.x) not found, not building ipsec_cryptoapi.o") + endif diff --git a/net/strongswan/patches/320-no-modprobe.patch b/net/strongswan/patches/320-no-modprobe.patch new file mode 100644 index 0000000000..d8c3648baf --- /dev/null +++ b/net/strongswan/patches/320-no-modprobe.patch 
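Review bot: The four CryptoAPI build lines are commented out without any explanation, while the surrounding `ifneq`/`else` and its `$(warning ...)` stay in place. The makefile therefore still warns when `crypto.h` is missing but silently builds nothing when it is present. Because this removes the CryptoAPI-backed algorithms from the KLIPS build, a reader auditing which ciphers the package ships needs to know it is deliberate; a comment above the block such as `# OpenWrt: ipsec_cryptoapi intentionally not built (<reason>)` would record that. Deleting the lines instead of commenting them out would also keep the patch smaller.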
@@ -0,0 +1,108 @@ +Index: strongswan-2.8.2/programs/starter/klips.c +=================================================================== +--- strongswan-2.8.2.orig/programs/starter/klips.c 2007-06-04 13:23:04.544043096 +0200 ++++ strongswan-2.8.2/programs/starter/klips.c 2007-06-04 13:23:07.238633456 +0200 +@@ -44,7 +44,7 @@ + unsetenv("MODPATH"); + unsetenv("MODULECONF"); + system("depmod -a >/dev/null 2>&1"); +- system("modprobe -qv ipsec"); ++ system("insmod -qv ipsec"); + } + if (stat(PROC_IPSECVERSION, &stb) == 0) + { +@@ -62,11 +62,11 @@ + /* make sure that all available crypto algorithms are loaded */ + if (stat(PROC_MODULES, &stb) == 0) + { +- system("modprobe -qv ipsec_aes"); +- system("modprobe -qv ipsec_serpent"); +- system("modprobe -qv ipsec_twofish"); +- system("modprobe -qv ipsec_blowfish"); +- system("modprobe -qv ipsec_sha2"); ++ system("insmod -qv ipsec_aes"); ++ system("insmod -qv ipsec_serpent"); ++ system("insmod -qv ipsec_twofish"); ++ system("insmod -qv ipsec_blowfish"); ++ system("insmod -qv ipsec_sha2"); + } + + starter_klips_clear(); +Index: strongswan-2.8.2/programs/starter/netkey.c +=================================================================== +--- strongswan-2.8.2.orig/programs/starter/netkey.c 2007-06-04 13:23:04.551042032 +0200 ++++ strongswan-2.8.2/programs/starter/netkey.c 2007-06-04 13:23:07.238633456 +0200 +@@ -36,7 +36,7 @@ + /* af_key module makes the netkey proc interface visible */ + if (stat(PROC_MODULES, &stb) == 0) + { +- system("modprobe -qv af_key"); ++ system("insmod -qv af_key"); + } + + /* now test again */ +@@ -52,11 +52,11 @@ + /* make sure that all required IPsec modules are loaded */ + if (stat(PROC_MODULES, &stb) == 0) + { +- system("modprobe -qv ah4"); +- system("modprobe -qv esp4"); +- system("modprobe -qv ipcomp"); +- system("modprobe -qv xfrm4_tunnel"); +- system("modprobe -qv xfrm_user"); ++ system("insmod -qv ah4"); ++ system("insmod -qv esp4"); ++ system("insmod -qv ipcomp"); ++ system("insmod -qv 
xfrm4_tunnel"); ++ system("insmod -qv xfrm_user"); + } + + DBG(DBG_CONTROL, +Index: strongswan-2.8.2/programs/_startklips/_startklips.in +=================================================================== +--- strongswan-2.8.2.orig/programs/_startklips/_startklips.in 2007-06-04 13:23:04.560040664 +0200 ++++ strongswan-2.8.2/programs/_startklips/_startklips.in 2007-06-04 13:23:07.238633456 +0200 +@@ -249,7 +249,7 @@ + + if test ! -f $ipsecversion && test ! -f $netkey + then +- modprobe -v af_key ++ insmod -v af_key + fi + + if test -f $netkey +@@ -257,11 +257,11 @@ + klips=false + if test -f $modules + then +- modprobe -qv ah4 +- modprobe -qv esp4 +- modprobe -qv ipcomp +- modprobe -qv xfrm4_tunnel +- modprobe -qv xfrm_user ++ insmod -qv ah4 ++ insmod -qv esp4 ++ insmod -qv ipcomp ++ insmod -qv xfrm4_tunnel ++ insmod -qv xfrm_user + fi + fi + +@@ -272,7 +272,7 @@ + setmodule + unset MODPATH MODULECONF # no user overrides! + depmod -a >/dev/null 2>&1 +- modprobe -v ipsec ++ insmod -v ipsec + fi + if test ! -f $ipsecversion + then +@@ -288,7 +288,7 @@ + do + if test -f $moduleinstplace/alg/ipsec_$alg.o + then +- modprobe ipsec_$alg ++ insmod ipsec_$alg + fi + done + fi diff --git a/net/strongswan/patches/350-make-programs.patch b/net/strongswan/patches/350-make-programs.patch new file mode 100644 index 0000000000..aba957754f --- /dev/null +++ b/net/strongswan/patches/350-make-programs.patch 
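Review bot: Every `system("insmod -qv ...")` call in klips.c and netkey.c discards its return value, and unlike `modprobe`, `insmod` does not resolve module dependencies, so a module that needs another one loaded first can fail here without leaving any trace. The first load in each file is followed by a `stat()` re-check, but the algorithm modules (`ipsec_aes` and the others) and the xfrm modules (`ah4`, `esp4` and the others) have no visible check, so a tunnel could come up with fewer transforms than the configuration expects. Testing the result, as in `if (system("insmod -qv esp4") != 0)`, and reporting it through the starter's existing logging would make that detectable. The retained `system("depmod -a >/dev/null 2>&1")` no longer serves the loader, since `insmod` does not consult the dependency file, and it is worth confirming that the target's `insmod` accepts `-q` and `-v`. The enclosing functions start and end outside these hunks.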
@@ -0,0 +1,21 @@ +Index: strongswan-2.8.2/programs/Makefile +=================================================================== +--- strongswan-2.8.2.orig/programs/Makefile 2007-06-04 13:23:06.414758704 +0200 ++++ strongswan-2.8.2/programs/Makefile 2007-06-04 13:23:07.444602144 +0200 +@@ -17,12 +17,10 @@ + FREESWANSRCDIR=.. + include ${FREESWANSRCDIR}/Makefile.inc + +-SUBDIRS=spi eroute spigrp tncfg klipsdebug pf_key proc pluto +-SUBDIRS+=_confread _copyright _include _keycensor _plutoload _plutorun +-SUBDIRS+=_realsetup _secretcensor _startklips _updown _updown_espmark +-SUBDIRS+=auto barf ipsec look manual ranbits secrets starter +-SUBDIRS+=rsasigkey send-pr setup showdefaults showhostkey calcgoo mailkey +-SUBDIRS+=ikeping examples openac scepclient _showstatus wakeup ++SUBDIRS=_copyright _updown _showstatus wakeup examples ++SUBDIRS+=barf calcgoo eroute ikeping klipsdebug look mailkey manual ++SUBDIRS+=openac pf_key pluto proc ranbits rsasigkey scepclient secrets ++SUBDIRS+=showdefaults showhostkey spi spigrp starter tncfg ipsec + + ifeq ($(USE_LWRES),true) + SUBDIRS+=lwdnsq